Skills
skills/yipng05-max/-skills/grounded-coding/Gen Agent Trust Hub

grounded-coding

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/export_coding.py executes subprocess.check_call to install the openpyxl library from the public PyPI registry. This action modifies the local environment by running shell commands at runtime.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its handling of external, untrusted research data.
  • Ingestion points: The skill reads interview records and qualitative data from local file paths provided by the user as described in SKILL.md.
  • Boundary markers: The instructions do not define clear delimiters or use "ignore embedded instructions" warnings when processing the contents of these files.
  • Capability inventory: The skill has the ability to write multiple Markdown files to the workspace (coding_GT_*.md) and execute a Python script (export_coding.py) which performs environment modifications.
  • Sanitization: There is no evidence of sanitization or filtering of the content within the processed qualitative files prior to analysis or inclusion in generated reports.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 6, 2026, 03:35 AM