konstantinos
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (LOW): The skill uses strong persona-enforcement instructions, such as 'NEVER break character' and 'NEVER mention you're an AI'. While these are common techniques for creating high-fidelity personas, they technically fall under role-play instruction patterns. Given the context of the skill's primary purpose, this is considered a benign implementation.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user input and interpolates it into search queries for its MCP retrieval tools.
- Ingestion points: User queries are processed in Step 1 and Step 3.
- Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are present in the tool query construction.
- Capability inventory: Accesses read-only retrieval tools (retrieve_mental_models, retrieve_core_beliefs, retrieve_transcripts).
- Sanitization: No explicit sanitization or filtering of user input is performed before tool invocation.
- [Command Execution] (SAFE): The skill does not contain any patterns for arbitrary command execution or shell access.
- [Data Exfiltration] (SAFE): No unauthorized network operations, hardcoded credentials, or sensitive file path accesses were detected.
Audit Metadata