document
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection syntax (
!date +%Y-%m-%d) to generate directory names for the review output. While the command is benign and does not take user input, it represents load-time shell execution. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
- Ingestion points: The skill ingests untrusted data from the local filesystem (files analyzed during the modularity review) via the
Readtool. - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the ingested project data.
- Capability inventory: The skill has
ReadandWritepermissions, allowing it to read code and write files (including HTML) to the user's project. - Sanitization: The instructions do not specify any sanitization or escaping of the project data before it is interpolated into the final Markdown and HTML review documents.
- [DATA_EXPOSURE]: The skill mandates the inclusion of hyperlinks to
coupling.devandvladikk.com. These are identified as vendor-owned domains belonging to the skill author and are used for documentation and attribution.
Audit Metadata