chat-archiver
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified.
- Ingestion points: Current conversation history and existing markdown files in the user's knowledge base (SKILL.md).
- Boundary markers: Absent. No delimiters are used to separate untrusted chat data.
- Capability inventory: Local file system operations including read, write, and directory creation (SKILL.md).
- Sanitization: Absent. No explicit sanitization of extracted data is documented.
- [COMMAND_EXECUTION]: The skill uses standard utilities for file and directory management.
- Evidence: Uses ls, glob, and mkdir -p to manage the knowledge base structure (SKILL.md).
- Evidence: The setup process relies on shell commands like cp or copy for configuration (SETUP.md).
Audit Metadata