diary
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill mandates the creation of diary files in
docs/diary/that record verbatim user prompts and verbatim error messages. This behavior poses a significant risk of internal data exposure, as credentials, secrets, or PII often appear in prompts or debugging logs during development work. - [COMMAND_EXECUTION]: The instructions require the agent to log the factual description of commands run and their exact outputs. This persists technical details of the execution environment and tooling capabilities into the project's persistent storage.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by ingesting and persisting untrusted data.
- Ingestion points: User prompts are captured and recorded verbatim into the project documentation (SKILL.md).
- Boundary markers: No instructions are provided to delimit recorded prompts or to treat them as untrusted content when the diary is subsequently read by an agent.
- Capability inventory: The skill involves writing to the local filesystem across the project structure (SKILL.md).
- Sanitization: Explicit instructions to record content "verbatim" ensure that no sanitization, filtering, or redaction of sensitive or malicious content is performed.
Audit Metadata