nav-profile
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill implements a persistent user profile (memory) that acts as an ingestion surface for untrusted data.
  - Ingestion points: Raw user input is parsed in preference_extractor.py, and JSON data for 'goals' or 'corrections' is stored via profile_manager.py.
  - Boundary markers: Absent; the format_profile_display function in profile_manager.py outputs profile content back to the agent context without escaping or instruction-blocking delimiters.
  - Capability inventory: Local workspace file-write access to create and update .agent/.user-profile.json.
  - Sanitization: None; the system does not validate or escape the content of stored fields, which allows malicious instructions to be saved and later re-processed as part of the agent's context.
Audit Metadata