mfm-hosts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): The skill uses strong directives (e.g., 'CRITICAL', 'MUST') to enforce a specific persona and linguistic style. While these are technically 'system instructions', they are used legitimately to define the AI's behavior and do not attempt to bypass safety filters or ignore core agent guidelines.
- DATA_EXFILTRATION (SAFE): No evidence of credential hardcoding, sensitive file access, or unauthorized network calls. The tool calls are restricted to an internal MCP namespace (mcp__persona-agent).
- REMOTE_CODE_EXECUTION (SAFE): The skill does not perform any remote script downloads, package installations, or dynamic code execution.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests data from external retrieval tools (retrieve_mental_models, retrieve_transcripts). While it lacks explicit boundary markers for this data, the overall capability of the skill is limited to text generation within a persona, presenting minimal risk.
Audit Metadata