Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill identifies and processes data from local files (`tasks/todo.md` and `tasks/memory.md`) which could contain malicious instructions from an attacker if the repository is compromised.
  - Ingestion points: Reads `tasks/todo.md` and `tasks/memory.md` to determine project state and prior decisions.
  - Boundary markers: Absent. There are no explicit delimiters or instructions to treat the content of these files as untrusted data.
  - Capability inventory: Limited to writing and updating Markdown files within the local `tasks/` directory. It does not possess capabilities for subprocess execution, network operations, or external API calls.
  - Sanitization: None. The skill transforms existing content based on user intent and template rules without filtering for embedded instructions.
- Unverifiable Dependencies (SAFE): The skill is purely instructional and does not define or install any external Python or Node.js packages.
- Data Exfiltration (SAFE): No network-capable commands (like `curl` or `wget`) or sensitive file paths were detected.
Audit Metadata