analytic-memo
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash
mkdir -pcommand to create the directory structure for saving generated Markdown files. This operation is driven by user input or a default path (~/Documents/research-memos/). While functional, execution of shell commands based on user-supplied variables presents a standard attack surface for command injection if the agent does not sanitize the input. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted user data for qualitative analysis.
- Ingestion points: User-supplied coding snippets, categories, or raw research data segments defined as 'trigger content' in
SKILL.md. - Boundary markers: Present. The skill instructions mandate wrapping the user's raw input within Markdown blockquotes (
>) in the final document to separate it from the AI-generated analysis. - Capability inventory: Capability to execute shell commands (
mkdir) and perform local file system writes to save the generated memos. - Sanitization: Absent. There are no explicit instructions or regex patterns provided to sanitize the 'trigger content' or the user-provided file path before they are used in file system operations or included in the document.
Audit Metadata