tc-tracker
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via its core 'Session Handoff' feature.
  - Ingestion points: The agent is instructed to read `tc_record.json` (specifically the `session_context.handoff` block) to resume work in new sessions.
  - Boundary markers: The provided instructions in `references/handoff-format.md` and `SKILL.md` lack explicit guidance for the agent to treat handoff data as untrusted or to ignore embedded commands.
  - Capability inventory: The skill includes Python scripts (`tc_update.py`, `tc_create.py`, etc.) that perform file system operations (write/update) and could be misused if the agent follows malicious 'next_steps' parsed from the handoff record.
  - Sanitization: There is no evidence of sanitization or validation of the natural language content stored in `progress_summary`, `next_steps`, or `key_context` fields before they are processed by the agent in subsequent sessions.
Audit Metadata