section-merger
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes a local Python script located at
.codex/skills/section-merger/scripts/run.pyto perform the file merging logic. This is a standard execution pattern for skills that require specific logic not natively available in the agent's core capabilities.- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through its data ingestion pipeline.\n - Ingestion points: The skill reads from potentially untrusted or externally generated files including
sections/*.md,outline/transitions.md, andoutline/outline.yml.\n - Boundary markers: The skill documentation does not mention any delimiters or instructions for the agent to ignore embedded commands within the ingested text.\n
- Capability inventory: The skill possesses the ability to read from and write to the filesystem through the execution of its local script.\n
- Sanitization: There is no evidence of content sanitization or validation before the ingestion and merging of external text.
Audit Metadata