zettel
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes external medical notes and performs file system operations based on that content without safety boundaries. 1. Ingestion points: Untrusted markdown files processed for condensation. 2. Boundary markers: Absent; no instructions tell the agent to ignore embedded commands. 3. Capability inventory: The skill can overwrite existing files and create new files in the local directory. 4. Sanitization: Absent; section headers are used directly in file paths which could lead to path manipulation if not handled by the agent's environment.
- [No Code] (SAFE): The skill consists entirely of natural language instructions and does not include executable scripts, binary files, or external dependencies.
Audit Metadata