global-knowledge
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes project-level knowledge, episodic memories, and session notes for promotion to a global repository, which constitutes an indirect prompt injection surface. * Ingestion points: Untrusted project skill files, session notes, and episodic memory records. * Boundary markers: Absent; the skill content does not specify the use of delimiters or 'ignore embedded instructions' warnings for data being promoted to global memory. * Capability inventory: Ability to perform full-text search and file creation/management within the local ~/.alex/ directory; no high-risk capabilities such as arbitrary subprocess execution or network-based exfiltration are present in the analyzed files. * Sanitization: Absent; there is no explicit mention of sanitizing or validating external content before it is processed and stored.
- [EXTERNAL_DOWNLOADS]: The skill references an external repository (fabioc-aloha/Alex-Global-Knowledge) as the backing store for global knowledge, which matches the author's verified identity.
Audit Metadata