Skills
skills/mattbaconz/signal/signal-state/Gen Agent Trust Hub

signal-state

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection vector by ingesting state data from a persistent local file.
  • Ingestion points: The file .signal_state.md is read at session start and during updates to establish the agent's operational context (referenced in SKILL.md and SKILL.min.md).
  • Boundary markers: The system uses structured Markdown and YAML but lacks explicit boundary markers or security instructions to prevent the agent from obeying commands embedded within the state file.
  • Capability inventory: The skill is designed to use file-system tools (write_file, replace) to maintain the state file; no high-risk capabilities like network access or subprocess execution were detected.
  • Sanitization: No automated sanitization or schema validation is implemented for the data read from the state file.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 11:45 PM