exp-reflect
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: The skill analyzes the current conversation trajectory and user-provided prompts (e.g., "/exp-reflect record data flow") to identify content for storage.
- Boundary markers: No explicit delimiters or instructions are provided to separate user-contributed content from the system's analysis logic, nor are there instructions to ignore instructions embedded within the conversation.
- Capability inventory: The skill is designed to invoke
/exp-writeto create permanent documentation,/skill-creatorto generate new executable skills (SOPs), and can directly edit existing Skill files. - Sanitization: There is no evidence of sanitization, validation, or escaping of the extracted content before it is used to generate or modify these files.
Audit Metadata