knowledge-refiner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted unstructured content from the
work/andknowledge/directories. It lacks explicit boundary markers or sanitization protocols for this data. Since the skill has the capability to write to specified output paths (outargument) and influence the agent's internal knowledge base, a malicious payload within a processed note could redirect the agent to leak information or corrupt the knowledge repository. - [Data Exposure & Exfiltration] (MEDIUM): The 'Knowledge Protocol' section indicates the skill interacts with 'Confidential (Company/Client)' and 'Personal' knowledge tiers, including secrets. While no hardcoded credentials are found, the functionality that merges these tiers into structured files creates a risk where sensitive data could be consolidated and then exfiltrated if the output path or refinement logic is manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata