crazy-eights
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted data from external files.
- Ingestion points: The skill reads all files within a context/ folder as well as existing crazy-eights.md and sprint-roles.md files from the working directory.
- Boundary markers: The skill instructions do not define delimiters or provide clear directions for the agent to ignore potentially malicious commands found inside these files.
- Capability inventory: The skill can read and write local files in the current workspace; however, it lacks the ability to execute shell commands or perform network operations.
- Sanitization: There is no process for validating, filtering, or sanitizing the content of the files before the agent processes them.
Audit Metadata