checkpoint
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions command the agent to "Skip the style profile protocol" and to load additional shared rules from an external file (base.md). These directives represent overrides of default operational guidelines.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and restores essay drafts from the filesystem without explicit sanitization or boundary markers. Mandatory Evidence Chain:
  1. Ingestion points: The checkpoints/ directory is the primary data source.
  2. Boundary markers: Absent in the instructions for viewing or restoring drafts.
  3. Capability inventory: File-system read and write access.
  4. Sanitization: Absent.
Audit Metadata