cortex-query

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE (finding category: PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill reads local knowledge records that may contain untrusted text, including instructions crafted to steer the agent's behaviour.
  • Ingestion points: scripts/cortex-query.py reads records from contacts.json, clients.json, communications.jsonl, and knowledge.jsonl.
  • Boundary markers: The script does not wrap record content in delimiters, and the skill gives the agent no instruction to treat text inside records as data rather than instructions, so injected text is more likely to be followed.
  • Capability inventory: scripts/cortex-query.py can write to files through its prune command and can print large volumes of record content to the console.
  • Sanitization: Record content is not scanned or filtered for injection-like strings before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 01:29 PM