study-summary
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) as it ingests untrusted user content to perform actions.
- Ingestion points: The skill is designed to "Review the current conversation" and "Scan the current conversation" to extract topics and concepts.
- Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the conversation history being processed.
- Capability inventory: The skill has the capability to write to the filesystem via the
Writetool and modify agent memory usingmcp__plugin_everything-claude-code-ios_memory__create_entities. - Sanitization: No sanitization, escaping, or validation of the extracted conversation content is performed before it is used to generate the final Markdown file or memory observations.
Audit Metadata