skill-creation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters or override system prompts were found. The instructional language is benign and focused on structural guidance.
- [Data Exposure & Exfiltration] (SAFE): The skill references local session logs (~/.factory/sessions/) for analysis using ripgrep (rg). This is appropriate for its stated purpose of learning from past interactions. No network requests, hardcoded credentials, or exfiltration patterns were detected.
- [Command Execution] (SAFE): The skill suggests using rg (ripgrep) for searching local session logs. These are standard read-only search operations and do not involve shell injection or dangerous command execution.
- [Remote Code Execution] (SAFE): No patterns for downloading or executing remote scripts were found. Examples in the text (like npm test) are illustrative for the user and not executed by the skill itself.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process data from past sessions. While there is a risk that malicious data in a past session could be 'learned' or codified into a new skill, this is a general risk of the use-case rather than a specific exploit in the code. Evidence:
  1. Ingestion points: session logs via rg.
  2. Boundary markers: none mentioned.
  3. Capability inventory: file write to .factory/skills/.
  4. Sanitization: none mentioned.
Audit Metadata