grief-companion
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill definition presents an attack surface for indirect prompt injection through its data processing capabilities.\n
- Ingestion points: The skill utilizes
WebFetchandWebSearchtools (as defined inSKILL.md) to ingest untrusted data from external websites.\n - Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard potential malicious directives embedded in retrieved web content.\n
- Capability inventory: The skill is configured with powerful tools including
Bash,Write,Edit, andNotebookEdit(specified inSKILL.md), which could be targeted if the agent follows instructions from an external source.\n - Sanitization: The skill does not define specific methods for sanitizing or validating external content retrieved from the web before processing it.\n- [EXTERNAL_DOWNLOADS]: The resource directory (
references/grief-resources-directory.md) contains references and links to well-known and trusted organizations such as the 988 Suicide & Crisis Lifeline, Psychology Today, and GriefShare. These references are used for providing legitimate support resources and do not represent a security risk.
Audit Metadata