compile-conversation-into-doc
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection through the processing of untrusted data.
- Ingestion points: The skill reads all `*-user.md` and `*-ai.md` files within a specified folder (SKILL.md).
- Boundary markers: No boundary markers or delimiters are specified to isolate the content of the files from the agent's instructions. There are no warnings to the agent to ignore instructions embedded within the processed data.
- Capability inventory: The skill utilizes file reading and writing capabilities to analyze and summarize content (SKILL.md).
- Sanitization: There is no evidence of sanitization, filtering, or validation of the content within the markdown files before they are processed by the AI.
- Risk: Malicious instructions embedded in the conversation logs (e.g., instructions for the agent to reveal its system prompt or perform unauthorized actions) could be executed, because the agent is explicitly told to "Read every single message file" and "Track how ideas evolve over time."
Audit Metadata