decisions
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill ingests untrusted data from the conversation and writes it to a persistent local file. * Ingestion points: The skill extracts decision details from the 'conversation context' as described in Step 1 of SKILL.md. * Boundary markers: Absent; the skill does not use delimiters to isolate or identify the source of the recorded text. * Capability inventory: File-write and directory-creation operations specifically for docs/decisions.md and the docs/ directory. * Sanitization: Absent; the skill does not perform any escaping, validation, or filtering of the content before writing it.
- [Command Execution] (LOW): The skill instructs the agent to perform file system and directory modifications. * Evidence: Instructions in Step 4 to create the docs/ directory and append content to docs/decisions.md based on the conversation context.
Audit Metadata