content-converter

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • Prompt Injection (MEDIUM): The 'Memory & Self-Evolution' section instructs the agent to use the 'File Edit' tool to update 'memory/preferences.md' with rules derived from user feedback. This mechanism enables instruction poisoning, as an attacker can provide feedback that tricks the agent into adopting malicious rules as permanent 'preferences' that influence all future interactions.
  • Indirect Prompt Injection (LOW): The skill processes external 'long text' for conversion tasks without establishing boundary markers.
      1. Ingestion points: The skill takes 'long text' and user feedback as primary inputs.
      2. Boundary markers: Absent; the skill lacks instructions to ignore or delimit embedded commands within the input text.
      3. Capability inventory: The agent has 'File Edit' capabilities to modify local files used for instruction persistence.
      4. Sanitization: Absent; there is no validation or filtering of user-provided feedback before it is committed to the long-term memory file.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 01:07 PM