skill-tree-generator
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external artifacts (domain_map.yaml, skill_spec.md) to generate SKILL.md documentation. Malicious instructions embedded in these source artifacts could influence the generated content. 1. Ingestion points: skills/_artifacts/domain_map.yaml and skills/_artifacts/skill_spec.md. 2. Boundary markers: The skill templates utilize YAML frontmatter and Markdown headers as structural delimiters to separate generated sections. 3. Capability inventory: Writing to the local filesystem (creating SKILL.md files) and modifying project configuration (package.json). 4. Sanitization: The skill lacks explicit instructions for sanitizing or escaping the content retrieved from input artifacts before interpolation.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to run the intent edit-package-json command to automatically update project metadata. This is a local execution capability associated with the vendor's specialized tooling for managing library skills.
Audit Metadata