save
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's core functionality involves reading and writing to a local wiki/ folder. These actions are consistent with its purpose and the provided instructions.
- [PROMPT_INJECTION]: The skill extracts information from conversation history, presenting a surface for indirect prompt injection.
  1. Ingestion points: Current conversation history (SKILL.md).
  2. Boundary markers: Absent; no markers distinguish data from instructions in the prompt.
  3. Capability inventory: Read, Write, Edit, Glob, and Grep tools are used for file system interaction (SKILL.md).
  4. Sanitization: Absent; the skill does not validate or sanitize extracted conversation content before writing it to files.