writer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The system prompts in SKILL.md use forceful language ('CRITICAL INSTRUCTION', 'YOU MUST USE', 'FORBIDDEN') to mandate the use of this skill and restrict the agent from using standard engineering tools like grep or sed for text editing.
- [COMMAND_EXECUTION]: The run_vale_check function in scripts/text.py executes the external vale command via subprocess.run. The command is constructed with an unvalidated file_path argument provided at runtime.
- [DATA_EXFILTRATION]: The run_vale_check tool permits the agent to pass any file path to the vale linter. If sensitive files are processed, the linter may return snippets of the file content within the violation messages, leading to potential data exposure.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when analyzing untrusted text.
  - Ingestion points: the text parameter of the lint_writing_style, check_markdown_structure, and polish_text functions in scripts/text.py.
  - Boundary markers: absent; the skill does not use delimiters or instructions to ignore embedded commands.
  - Capability inventory: the skill can execute system commands through run_vale_check and perform file operations as described in its instructions.
  - Sanitization: none; the text is evaluated directly against regular expressions without escaping or validation.
Audit Metadata