work-record
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the current conversation to generate work summaries, which introduces a surface for indirect prompt injection.
- Ingestion points: The skill reads the entire current conversation history to understand work accomplishments (SKILL.md).
- Boundary markers: No explicit delimiters or instructions are provided to distinguish between user-provided data and agent instructions.
- Capability inventory: The skill has the ability to read existing files and append new content to the user's filesystem (SKILL.md).
- Sanitization: No sanitization or validation of the conversation content is performed before the summary is generated and stored.
- [NO_CODE]: The skill does not contain any executable scripts or binary files, consisting entirely of natural language instructions for the agent.
Audit Metadata