oya
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- NO_CODE (SAFE): No scripts or executable files are provided; the skill functions through template substitution.
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect instructions. Evidence: 1. Ingestion points:
daily.mdandweekly.mdtemplates. 2. Boundary markers: Absent in placeholders like{copy_verbatim_from_weekly}. 3. Capability inventory: Local file read/write for productivity notes. 4. Sanitization: Absent. - Data Exposure & Exfiltration (SAFE): No credentials, sensitive paths, or network exfiltration patterns were detected.
- Prompt Injection (SAFE): Static analysis of the documentation and templates revealed no attempts to override agent behavior or bypass safety filters.
Audit Metadata