thematic-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of processing external text data and exercising file-system capabilities.
- Ingestion points: The skill ingests raw interview transcripts and user-provided initial codes ('原始访谈文本' and '已有初始编码') as the primary input for analysis.
- Boundary markers: Absent. There are no instructions to use delimiters or provided system-level warnings to disregard instructions potentially embedded within the research data.
- Capability inventory: The skill explicitly mandates the use of the 'Write' tool to save findings to local Markdown files (e.g., 'coding_.md' and 'themes_.md') in the root project directory and '~/Documents/research-memos/themes/'.
- Sanitization: Absent. No verification or escaping of the input content is performed before it is analyzed or written to the local filesystem.
Audit Metadata