perf-investigation-logger
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface by logging untrusted user data into the file system.
- Ingestion points: Verbatim user quotes are ingested and processed according to the instructions in SKILL.md.
- Boundary markers: The skill uses double-quote delimiters for the output format but does not provide instructions to the agent to ignore or escape instructions that may be embedded within the user quotes.
- Capability inventory: The skill utilizes file-writing capabilities to append structured notes to the performance investigation directory within the state directory.
- Sanitization: No sanitization, validation, or escaping of the ingested user content is specified or implemented.
Audit Metadata