Oathe Security Badge

Is blader/humanizer safe?

https://github.com/blader/humanizer

97
SAFE

blader/humanizer is a pure-Markdown AI writing editing skill with no executable code, no network exfiltration, and no prompt injection attempts. The repository contains only well-structured Markdown files and JSON plugin manifests; all monitored canary files remain intact and their brief access events are attributable to the oathe-audit baseline infrastructure rather than the skill. The only minor notes are that the skill requests Write/Edit access (necessary for its stated purpose) and includes a user-directed file-read feature for voice calibration that relies on user-supplied paths.

Category Scores

Prompt Injection 96/100 · 30%
Data Exfiltration 97/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 97/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 93/100 · 5%

Findings (4)

INFO No executable code — pure Markdown skill 0

The repository contains only Markdown files (SKILL.md, README.md, AGENTS.md), a LICENSE, and two JSON plugin manifests. There is no package.json, no npm install scripts, no git hooks, no .gitattributes filters, no submodules, and no symlinks. The skill executes entirely by injecting the SKILL.md content into the agent's context.

INFO Network activity limited to expected GitHub HTTPS clone 0

The only external network destination observed was 140.82.121.4:443 (GitHub), reached via a standard TLS handshake during git clone. DNS queries resolved only github.com. No connections to attacker-controlled infrastructure, no data uploads, and no unexpected DNS queries were observed.

INFO No prompt injection, persona override, or hidden instructions detected 0

Full review of SKILL.md found no instructions to override system prompts, ignore previous instructions, suppress output, encode data, fetch external URLs, switch persona, or chain with other skills unexpectedly. The content is exclusively a well-structured writing-editing guide with 33 numbered patterns, before/after examples, and clear scope boundaries.

LOW User-directed file read for voice calibration -4

The skill includes an optional voice calibration feature that allows users to point the agent at a file containing their own writing samples. Because the file path comes from the user, not from the skill itself, this is not an autonomous data access risk. It could theoretically be abused if a user was socially engineered to provide a sensitive file path, but the skill contains no language to encourage or trick users into doing so.