mindos-zh
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for controlled management of local Markdown and CSV files. It incorporates defensive programming patterns such as 'read-before-write' requirements, path verification before creation, and the use of line-level or section-level editing tools to minimize invasive changes.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it processes untrusted external inputs such as meeting minutes or chat logs. This risk is mitigated by the mandatory requirement to present a 'routing plan' for user approval before modifying any files, which keeps the user in the loop for cross-file updates.
- [DATA_EXFILTRATION]: No network operations or data exfiltration patterns were detected. The skill explicitly prohibits the storage of sensitive information like API keys, tokens, or passwords within the knowledge base.