running-skills-edd-cycle
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from 'tests/scenarios.md' without explicit sanitization or boundary markers. 1. Ingestion points: Evaluation scenarios are read from 'tests/scenarios.md' in workflow steps 1, 4, and 5. 2. Boundary markers: Absent; the skill does not define delimiters to separate scenario data from system-level instructions. 3. Capability inventory: The skill invokes several sub-skills (creation, improvement, review) and generates shell commands for the user to execute based on scenario content. 4. Sanitization: Absent; scenario content is interpolated directly into suggested CLI command templates without validation.
Audit Metadata