tldr
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected. The skill processes untrusted data from the conversation history to generate file content and titles.
- Ingestion points: Conversation history is ingested from the current session in Step 1.
- Boundary markers: Absent. The skill does not use delimiters to isolate the conversation content from its internal summarization logic.
- Capability inventory: The skill possesses file system write capabilities used to save the notes in Step 3.
- Sanitization: Absent. There is no instruction to sanitize or validate the generated file names or paths, which could be exploited for path traversal.
- [COMMAND_EXECUTION]: The skill performs file system write operations. This is a sensitive capability when handling content derived from untrusted inputs.
- [NO_CODE]: No external scripts, executables, or code files are included with this skill; it consists entirely of instructions in the SKILL.md file.
Audit Metadata