quarterly-review
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill possesses a vulnerability surface by ingesting untrusted data and having file-write capabilities.
  * Evidence:
    1. Ingestion points: Reads from `.research/project_telos.md` and `.research/logs/monthly/*.md`.
    2. Boundary markers: None identified; external content is processed without delimiters.
    3. Capability inventory: Can write to `~/.researchAssistant/quarterly/` and modify `~/.researchAssistant/researcher_telos.md`.
    4. Sanitization: None identified.
- [Data Exposure] (LOW): The skill accesses sensitive directory paths (`~/.researchAssistant/`). While consistent with the stated purpose, it establishes a pattern of accessing files outside the immediate working directory.
Audit Metadata