snapshot-writer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): The skill only interacts with local project files (CSV, YAML, JSONL) within the workspace and explicitly declares no network access. No exfiltration risk is present.
  • [Indirect Prompt Injection] (LOW): The skill ingests data from external files (outline/outline.yml, papers/core_set.csv). While these are potential ingestion points for untrusted content, the skill lacks dangerous capabilities (network access, shell execution, or sensitive file reads) required for an exploit to be impactful.
    • Ingestion points: Reads outline/outline.yml, papers/core_set.csv, and papers/papers_dedup.jsonl.
    • Boundary markers: Absent; the role prompts do not explicitly define delimiters for these inputs.
    • Capability inventory: Limited to writing a markdown file to output/SNAPSHOT.md.
    • Sanitization: None specified.
  • [Remote Code Execution] (SAFE): No remote scripts or external dependencies are referenced or executed.
  • [Command Execution] (SAFE): No shell commands or subprocess calls are present in the skill definition.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:05 PM