mermaid
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Prompt Injection (LOW): The SKILL.md file appends the $ARGUMENTS variable directly to the prompt template without the use of delimiters (such as XML tags or triple quotes) or specific instructions to treat the input as literal data. This makes the skill susceptible to direct prompt injection attacks where a user could potentially override the agent's system instructions.
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection if the user-provided requirements are sourced from untrusted external data.
  - Ingestion points: The $ARGUMENTS placeholder in the SKILL.md workflow.
  - Boundary markers: Absent; there are no delimiters or 'ignore embedded instructions' warnings around the user input.
  - Capability inventory: The skill permits high-privilege operations including Read, Write, and Edit tools.
  - Sanitization: There is no evidence of input escaping, validation, or filtering for the user-supplied content.
- No Executable Code Detected (SAFE): The skill consists entirely of 17 Markdown files providing documentation and syntax references. No Python scripts, JavaScript files, shell scripts, or package manifest files are present, which eliminates the risk of direct remote code execution or credential exfiltration through skill scripts.