prompt-classification-save
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest untrusted data (prompts provided by users) and perform file system operations based on that content.
- Ingestion points: Untrusted content enters the agent context through user requests like "save this prompt" or "organize this."
- Boundary markers: No specific boundary markers or delimiters are defined to isolate the untrusted prompt content from the agent's instructions during the saving process.
- Capability inventory: The skill possesses file-write capabilities, specifically creating markdown files in the
/Prompt栳理/directory and appending entries to anINDEX.mdfile. - Sanitization: There is no evidence of content validation, escaping, or filtering of the user-provided prompt text before it is written to the persistent file system.
Audit Metadata