super-save
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. 1. Ingestion points: User conversation data is ingested via Step 1 and 2 of SKILL.md. 2. Boundary markers (absent): No delimiters or instructions to ignore embedded instructions are present. 3. Capability inventory: Uses the Bash tool to execute a local Node.js script. 4. Sanitization (absent): No sanitization or escaping of shell metacharacters is performed.
- [COMMAND_EXECUTION] (LOW): The skill uses the Bash tool to execute a local script with user-derived content as a parameter in Step 3. Without sanitization, this provides a surface for command injection if the input contains shell-sensitive characters like quotes or backticks.
Audit Metadata