glossary-creation
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill reads external data from multiple markdown documents to extract terminology. This creates a vulnerability surface where malicious instructions embedded in the documents could potentially influence the agent's behavior.
  - Ingestion points: The skill reads `docs/product-requirements.md`, `docs/functional-design.md`, `docs/architecture.md`, `docs/repository-structure.md`, and `docs/development-guidelines.md`.
  - Boundary markers: There are no delimiters or explicit instructions provided to the agent to ignore embedded commands within the ingested text.
  - Capability inventory: The skill has the capability to read local files and write a new documentation file (`docs/glossary.md`).
  - Sanitization: No input validation or sanitization logic is present to filter malicious strings from the documentation files.
- [Data Exfiltration] (SAFE): No network operations (e.g., curl, wget, fetch) or access to sensitive credentials (e.g., API keys, SSH keys) were detected.
- [Remote Code Execution] (SAFE): The skill does not download external packages or execute remote scripts; all operations are local and static.
Audit Metadata