dara-denney
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest data from external MCP tools, which constitutes an attack surface for indirect prompt injection. \n
- Ingestion points: Information is retrieved through the
mcp__persona-agent__retrieve_mental_models,mcp__persona-agent__retrieve_core_beliefs, andmcp__persona-agent__retrieve_transcriptstools. \n - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the retrieved text. \n
- Capability inventory: The skill only has text synthesis capabilities and does not have access to high-risk tools for command execution, file system access, or network operations. \n
- Sanitization: The workflow does not specify any sanitization or validation for the content returned by the tools. \n- [Prompt Injection] (SAFE): The skill uses strong directives (e.g., 'CRITICAL', 'MUST') to ensure consistent persona behavior, but these do not attempt to bypass safety filters or extract system information.
Audit Metadata