NYC

create-blueprint

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8). The skill reads and analyzes arbitrary files within the codebase to generate documentation, which could contain malicious instructions designed to influence the agent's behavior.
    • Ingestion points: Technical research phase (Step 2) uses Read, Glob, and Grep on implementation files, READMEs, and test files.
    • Boundary markers: None specified; there are no instructions to ignore embedded prompts within the researched files.
    • Capability inventory: The skill uses the Write tool to create or update files in the repository.
    • Sanitization: No sanitization or validation of the content read from files is performed before it is used to generate the output.
  • COMMAND_EXECUTION (LOW): The skill uses a user-provided {system-name} to define the output path for the Write tool. While the instructions specify the blueprints/ directory, a malicious user could potentially attempt path traversal (e.g., ../../etc/passwd) if the underlying tool does not have strict path validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:41 PM