memory
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external sources to generate summaries.
- Ingestion points: Data is ingested in commands/log/daily.md (via git diff and task content), commands/log/git.md (via git log output), and in the weekly/monthly roll-up commands that read previously generated files.
- Boundary markers: The instructions do not define clear delimiters or include warnings for the agent to ignore instructions that might be embedded within the git logs or task bodies being summarized.
- Capability inventory: The skill possesses Read, Write, and Edit file permissions, along with the ability to execute system commands via Bash (including git, mkdir, and npx).
- Sanitization: There is no evidence of sanitization, filtering, or escaping of the external content before it is processed by the LLM for report generation.
Audit Metadata