agent-flight-recorder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): The skill writes log files to a local directory (`.agents/flight-recorder/`). It contains explicit, clear instructions to exclude secrets, tokens, API keys, and PII, directing the agent to summarize or anonymize instead. No network operations or external data transmissions are defined.
- File System Operations (SAFE): The skill requires standard file system permissions to create and append to markdown/YAML files within the project root. It demonstrates security awareness by instructing the agent to update `.gitignore` to prevent these logs from being committed to version control.
- Indirect Prompt Injection (SAFE): As a logging utility, the skill ingests state and error data from the environment. Risk is mitigated by:
  - Ingestion points: Captures 'situation' and 'signal' from task execution.
  - Boundary markers: Uses strictly fenced YAML blocks for all output.
  - Capability inventory: Limited to local file creation and append.
  - Sanitization: Requires the agent to summarize 'why' and anonymize content, reducing the likelihood of persisting malicious payload from untrusted environment signals.
Audit Metadata