checkpoint-resume
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Potential indirect prompt injection surface detected in SKILL.md.
  1. Ingestion points: fileUrl and errorMessage are accepted from external processing loops.
  2. Boundary markers: Absent; the implementation does not wrap external data in delimiters or provide 'ignore instructions' warnings.
  3. Capability inventory: The skill performs database updates and SQL RPC calls.
  4. Sanitization: Absent; the code persists the errorMessage directly without escaping or validation.
  While benign in isolation, an attacker-controlled error string could influence downstream agents reading the checkpoint database.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets, tokens, or private keys were found in the SQL or TypeScript implementation.
- [REMOTE_CODE_EXECUTION] (SAFE): No external packages are installed, and no remote scripts are fetched or executed. The logic is entirely local or database-stored.
- [DATA_EXFILTRATION] (SAFE): No unauthorized network calls or access to sensitive system files (e.g., .ssh/config, .env) were detected.
Audit Metadata