user-onboarding
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by capturing unvalidated user input and persisting it into structured Markdown files used by other system components.
- Ingestion points: User responses gathered during Phase 1 (Identity), Phase 2 (Schedule), and Phase 3 (Motivation/Goals) are used to populate profile files.
- Boundary markers: No specific delimiters or instructions are provided to the agent to treat the user input as untrusted data when writing to files.
- Capability inventory: The skill explicitly defines file-write operations to several files under the ~/.openanalyst/profile/ directory (e.g., profile.md, availability.md, preferences.md, motivation-triggers.md).
- Sanitization: There is no evidence of input validation, escaping, or sanitization logic to prevent a user from injecting Markdown formatting or instructions that could influence downstream tools like the 'Schedule Replanner' or 'Motivation Generator'.
Audit Metadata