skills/hhu3637kr/skills/exp-write/Gen Agent Trust Hub

exp-write

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill restricts its file operations to the spec/context/ directory for managing memory indices and details. It does not attempt to access sensitive system files, credentials, or environment variables.
  • [COMMAND_EXECUTION]: While the skill uses file system tools (Read, Write, Edit, Glob), these are used strictly for text manipulation within the project structure and do not involve executing arbitrary shell commands or system-level processes.
  • [PROMPT_INJECTION]: The instructions are focused on structured data handling and do not contain any patterns typical of prompt injection, such as attempts to override safety filters or ignore previous instructions.
  • [EXTERNAL_DOWNLOADS]: The skill does not request or use any network-enabled tools like curl or wget, ensuring all operations remain local to the environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided content (experience/knowledge) and writes it to the filesystem (SKILL.md). While this creates an ingestion surface for potential future injections if the agent reads these files later, the risk is inherent to the skill's primary purpose of 'Memory Writing' and is mitigated by the structured markdown templates provided.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 07:21 AM