trueflow
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided content including 'original artifacts' and 'domain context' which are passed verbatim to downstream tools. This configuration creates an indirect prompt injection surface where instructions hidden within the artifacts could influence the behavior of the orchestrator or its sub-skills.
  - Ingestion points: 'original artifacts', 'domain context', 'evaluation goal', and 'constraints' provided via user input (SKILL.md).
  - Boundary markers: Absent. The skill does not provide instructions to downstream agents to treat input as data only or use specific delimiters to isolate untrusted content.
  - Capability inventory: Invocation of external skills (trueflow_initializer, trueflow_adversary, trueflow_referee) and persistent file read/write access to the '.context/trueflow/' workspace.
  - Sanitization: Absent. The skill explicitly mandates that inputs be passed 'verbatim' and prohibits modifications to the content during orchestration.
- [SAFE]: The skill's operations are localized to the '.context/trueflow/' directory, and no external network operations, credential handling, or sensitive system modifications were detected.
- [SAFE]: No external code downloads or package dependencies are present; all orchestration logic is transparent and relies on defined internal skill handoffs.
Audit Metadata