token-conservation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes directive and authoritative language such as 'MANDATORY' and 'Required TodoWrite Items' in the description and body to override the agent's default operational logic and force the skill's inclusion in every session.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to process external files and PDFs without security boundaries. Evidence chain: 1. Ingestion points: File content and PDFs are read via 'Read' and 'Grep' tools. 2. Boundary markers: No delimiters or 'ignore instructions' are present. 3. Capability inventory: The agent has access to Read, Edit, Write, Grep, Glob, and Bash capabilities. 4. Sanitization: No content validation or sanitization is mentioned.
- [PROMPT_INJECTION]: The troubleshooting documentation suggests running with 'appropriate privileges' to resolve permission errors, which serves as a behavioral nudge toward privilege escalation.
Audit Metadata