ai-wrapper-product

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • PROMPT_INJECTION (MEDIUM): The skill demonstrates code patterns vulnerable to Indirect Prompt Injection where untrusted data is interpolated into prompt strings without sufficient isolation.
      • Ingestion Points: userInput in generateContent and the promptTemplates.emailWriter properties in SKILL.md.
      • Boundary Markers: Absent. The templates do not use delimiters or structural markers to separate instructions from user-controlled content.
      • Capability Inventory: The provided logic interacts with external LLM providers (anthropic.messages.create), creating a path for exfiltration or behavior manipulation if the AI obeys instructions embedded in user input.
      • Sanitization: Only length validation is present; no escaping of control characters or content filtering is implemented.
  • EXTERNAL_DOWNLOADS (LOW): The skill references the @anthropic-ai/sdk package.
      • Trusted Source: The package originates from a trusted organization (Anthropic). Per [TRUST-SCOPE-RULE], this finding is downgraded to LOW.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 04:39 AM