load
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions require the agent to scan loaded memory content for directives such as 'CRITICAL' or 'MUST read' and explicitly command the agent to obey them, creating an indirect prompt injection vector.
  - Ingestion points: Content is ingested from the MCP server using the 'read_memory' tool.
  - Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands within the ingested memory data.
  - Capability inventory: The skill utilizes internal MCP tools including 'onboarding', 'list_memories', 'read_memory', and 'think_about_collected_information'.
  - Sanitization: No sanitization, filtering, or validation is performed on the content retrieved from memory before it is processed for directives.
Audit Metadata