backend-summary

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): The skill writes generated content to a specific local directory ('study-ios/notes/') and updates an internal memory plugin. No evidence of reading sensitive files or making unauthorized network requests was found.
  • [Indirect Prompt Injection] (SAFE): The skill processes user-provided conversation history to generate summaries. While this is an ingestion point for untrusted data, it is the primary purpose of the skill and does not provide an escalation path beyond file writing.
    1. Ingestion points: Conversation history (Step 1).
    2. Boundary markers: Absent.
    3. Capability inventory: 'Write' tool for file system access and memory plugin for entity creation.
    4. Sanitization: Not explicitly defined.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 05:52 PM