agentation-self-driving
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface.
  - Ingestion points: The agentation_watch_annotations tool in references/two-session-workflow.md ingests data that originates from external web pages scanned by the Critic agent.
  - Boundary markers: No specific delimiters or instruction-ignore warnings are defined to separate untrusted web content from the agent's instructions.
  - Capability inventory: The Fixer agent has the capability to read local files and perform file-write operations to the codebase.
  - Sanitization: No sanitization or escaping mechanisms are described for the annotation text before it influences code edits.
- [COMMAND_EXECUTION] (SAFE): Intended Code Modification. The workflow grants an agent the ability to 'make the fix' by editing the local codebase. While this is a high-privilege capability, it is the stated primary purpose of the skill and is considered safe in that context, provided inputs are trusted.
Audit Metadata