Skills
skills/wanshuiyin/auto-claude-code-research-in-sleep/idea-creator/Gen Agent Trust Hub

idea-creator

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires and utilizes Bash(*) and external experiment runners (/run-experiment) to execute code during Phase 5 (Parallel Pilot Experiments). This capability is central to the skill's purpose of validating research ideas but provides a powerful primitive that could be exploited if the generated ideas contain malicious commands.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection as it ingests untrusted data that influences its execution flow.
  • Ingestion points: Reads content from the web via WebSearch and WebFetch in Phase 1, and accesses local project files in papers/ and literature/ using Read.
  • Boundary markers: None identified. The content from Phase 1 is directly concatenated into the prompt for the external LLM in Phase 2 without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill has access to Bash(*), Write, Agent, and external experiment execution tools (/run-experiment).
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the text fetched from papers or the web before it is passed to the brainstorming LLM or before the resulting "ideas" are executed as pilots.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 05:58 AM