conductor-upgrade
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted configuration and template files to update its own instructions (SKILL.md).
  - Ingestion points: Reads versioned logic from files located in `references/conductor-X.Y.Z/`.
  - Boundary markers: Absent; there are no instructions to ignore or delimit embedded commands within the reference files.
  - Capability inventory: Extensive file-write capabilities across `SKILL.md`, the `references/` directory, and the `assets/` directory, combined with Git version control operations.
  - Sanitization: Absent; the skill lacks validation or sanitization logic for the content read from external references before updating the agent's operational logic.
Audit Metadata