signal-detector

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is designed to capture and organize user thoughts and entities into a local knowledge base using platform tools. It is restricted to specific directories such as people/, companies/, and concepts/.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes all inbound messages and is explicitly instructed to capture exact phrasing without sanitization.
      • Ingestion points: Inbound messages (always-on trigger in SKILL.md).
      • Boundary markers: Absent; message content is processed without delimiters.
      • Capability inventory: File modification via put_page, linking via add_link, and timeline updates via add_timeline_entry.
      • Sanitization: No validation or escaping is applied to the untrusted input before it is written to the knowledge base.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 07:00 PM