cleanup-progress
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external content from
PROGRESS.mdto generate summaries. - Ingestion points: The agent reads the content of
PROGRESS.mdin Step 1. - Boundary markers: No specific delimiters or instructions are provided to the agent to ignore embedded instructions within the source file.
- Capability inventory: The agent has the capability to read files, write to files (via an Edit tool), and create new files in the
.agents/progress-archive/directory. - Sanitization: There is no explicit sanitization or validation of the content being summarized to prevent the execution of instructions that might be embedded in the progress notes.
Audit Metadata