extract
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from session transcripts stored in
.agents/ao/pending.jsonl. If these transcripts contain malicious payloads, the agent could be manipulated into performing unintended actions during the extraction process. • Ingestion points:.agents/ao/pending.jsonl. • Boundary markers: None identified; transcripts are processed without delimiters. • Capability inventory: Writing files to.agents/learnings/and executing theaoCLI tool. • Sanitization: Absent; the skill does not escape or validate transcript content. - Command Execution (SAFE): The skill executes the
aoCLI and standard utilities likecat,head, andls. These commands are used for their intended purpose of queue management and file validation within the agent's workspace.
Audit Metadata