prompt-version-editor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
- [Data Exposure] (LOW): The skill hardcodes an absolute local file path (/Users/wisewong/Documents/Developer/prompts). This targets a specific user environment and identifies the directory structure of the host machine.
- [Indirect Prompt Injection] (LOW): The skill is susceptible to path traversal attacks because it uses a user-provided 'task slug' to construct file system paths for read and write operations.
  - Ingestion points: User-provided task names (slugs) and prompt content from files or input.
  - Boundary markers: No markers or 'ignore' instructions are used when reading existing prompt files or incorporating user input into file paths.
  - Capability inventory: The skill performs local file system reads and writes (e.g., 'read the latest version of the prompt file in that directory', 'save as a new version file in the task directory').
  - Sanitization: While the skill contains internal instructions to 'fix vulnerabilities' within the prompts themselves, it lacks any logic to sanitize the 'task-slug' input to prevent directory traversal (e.g., '../../').