reflect-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): This skill is vulnerable to indirect prompt injection (Category 8). 1. Ingestion points: The skill processes 'execution results' as mentioned in the flow. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: The skill writes to 'workspace/reflection.md' via file system operations. 4. Sanitization: No sanitization of the input results is specified. The risk is LOW as it only involves display/documentation without high-privilege side effects.
- [DATA_EXFILTRATION] (SAFE): No network operations or sensitive file reads detected.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote dependencies or dynamic code execution found.
Audit Metadata