knowledge-harvester
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to ingest and format artifacts derived from external research and writing phases.
- Ingestion points: Research sources from gap-filling, synthesized connections, and domain maps (identified in SKILL.md and references/harvest-process.md).
- Boundary markers: No specific delimiters or safety instructions are defined to encapsulate untrusted research data within the prompt context.
- Capability inventory: The skill has the ability to write files to the local file system (SKILL.md).
- Sanitization: The risk is mitigated by a core constraint requiring explicit human approval through AskUserQuestion before any data is written to the vault (SKILL.md, Step 3 and 4).
- [SAFE]: No evidence of credential theft, data exfiltration, or malicious command execution was found within the skill's instructions or reference documents.
Audit Metadata