style-detector

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill's design involves reading instruction sets from .claude/knowledge-base/styles/*.md and using them to direct agent behavior and modify specification.md. This creates a vulnerability where malicious content in those files can override agent safety and logic.
    - Category 8 Evidence Chain (File: SKILL.md):
      • Ingestion points: Markdown files located at .claude/knowledge-base/styles/{style-name}.md.
      • Boundary markers: Absent. Instructions from external files are merged into the prompt context without delimiters.
      • Capability inventory: Read (file access) and Edit (file modification) tools are used across all scripts.
      • Sanitization: None. The skill implicitly trusts the loaded file content and instructs the agent to 'strictly follow' it.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:17 PM