exit-review

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from the session buffer, which may contain instructions from untrusted external sources.
  • Ingestion points: Content is read from the 'accumulated learnings from session buffer' as described in the Workflow section of SKILL.md.
  • Boundary markers: Absent. The instructions do not specify the use of delimiters or clear separation between the untrusted session data and the agent's processing logic.
  • Capability inventory: The skill performs file-write operations to various subdirectories within '$VAULT_DIR' based on classification outcomes (SKILL.md).
  • Sanitization: The workflow includes a mandatory classification step where the agent is instructed to identify and discard 'RED' sensitive information, which serves as a security control against credential exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 11:06 AM