load
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from a shared network location.
- Ingestion points: The skill reads markdown files from /mnt/share/instructions/ (as described in SKILL.md) to provide context for resuming tasks.
- Boundary markers: The instructions do not provide delimiters or warnings to ignore embedded instructions within the handoff files, meaning the agent might treat malicious content in those files as authoritative instructions.
- Capability inventory: The skill leverages Read, Bash, and Glob tools to navigate and access the file system.
- Sanitization: There is no mechanism described to sanitize, filter, or validate the contents of the handoff files before the agent processes and summarizes them.
Audit Metadata