Skills
skills/team-attention/plugins-for-claude-natives/vague/Gen Agent Trust Hub

vague

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill contains an inherent vulnerability surface for processing malicious instructions embedded in vague user requests.
  • Ingestion points: Phase 1 (SKILL.md) captures original user requirements verbatim.
  • Boundary markers: Phase 3 (SKILL.md) uses double quotes for the 'Before' summary but lacks explicit instructions to ignore embedded commands.
  • Capability inventory: Phase 4 (SKILL.md) grants the agent the ability to write clarified requirements to the local filesystem.
  • Sanitization: No sanitization or validation of the input content is described. While the structured 'AskUserQuestion' flow limits the risk, the file-write capability allows a small potential for an attacker to influence the filesystem through manipulated inputs.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 08:44 PM