personal-knowledge-search

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Vulnerability to Indirect Prompt Injection through the 'Self-Evolution' and 'Memory' features. The skill explicitly instructs the agent to read and update instructions in 'memory/preferences.md' based on external input.
    • Ingestion points: User feedback and articles analyzed during the search process (SKILL.md, Scenario 3).
    • Boundary markers: Absent. There are no instructions defining delimiters or separators to prevent the agent from confusing data with instructions.
    • Capability inventory: Subprocess/Tool usage identified through the requirement for a 'File Edit' tool to modify local files.
    • Sanitization: Absent. The skill does not describe any method for sanitizing or validating user feedback before it is appended to the memory file.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 21, 2026, 01:06 PM