skill-developer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The documentation describes a system that ingests untrusted user prompts and tool inputs to inject context or block operations.
  - Ingestion points: UserPromptSubmit and PreToolUse hooks (described in HOOK_MECHANISMS.md).
  - Boundary markers: Visual delimiters (e.g., box drawing characters) are used in output examples.
  - Capability inventory: Can inject system messages and block tool execution via exit codes.
  - Sanitization: No explicit sanitization of ingested content is described in the documentation.
- [No Code] (SAFE): The skill contains only Markdown documentation. No executable scripts (.ts, .sh) or JSON configuration files (skill-rules.json) were included in the analyzed set.
Audit Metadata