reflect
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing the entirety of the conversation history to generate retrospectives and skill audits. This could allow malicious instructions embedded in a prior chat exchange to influence the agent's self-improvement suggestions or skill modifications.
- Ingestion points: Full conversation history (SKILL.md).
- Boundary markers: Absent. There are no specific delimiters or instructions for the LLM to ignore potentially adversarial instructions embedded within the conversation text being analyzed.
- Capability inventory: The skill has the ability to save items to long-term memory systems and propose structural modifications (diffs) to other agent skill files (SKILL.md).
- Sanitization: Absent. The skill does not describe any mechanism to validate or sanitize the chat content before it is used to generate actionable improvements or code diffs.