inner-life-reflect
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an autonomous reflection system that reads from 'memory/diary/' logs to update 'memory/SELF.md'. This exposes the agent to indirect prompt injection, as malicious user instructions stored in history logs could be processed and incorporated into the agent's long-term personality or behavioral patterns.
- Ingestion points: Data is read from 'memory/diary/', 'memory/inner-state.json', 'memory/habits.json', and 'memory/drive.json'.
- Boundary markers: No specific delimiters or instructions are provided to help the agent distinguish between its own previous thoughts and external user input contained within the logs.
- Capability inventory: The skill is designed to modify the agent's core identity and habit files, specifically 'memory/SELF.md' and 'memory/habits.json'.
- Sanitization: The instructions do not include any steps for sanitizing, filtering, or validating the content extracted from the diary logs before it is used for reflection.
Audit Metadata