status
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill reads and processes local files and directory contents, creating a surface for indirect prompt injection.
- Ingestion points: The skill reads
MEMORY.md,inbox/, andprocedures/to report on their status (file counts and line counts) inSKILL.md. - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore embedded instructions within the monitored files.
- Capability inventory: The skill is restricted to reading file system metadata and displaying it to the user. No network or arbitrary command execution capabilities are exposed via the ingested data.
- Sanitization: The skill does not implement validation or escaping for the data it aggregates from the repository.
Audit Metadata