para-custodian
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs automated filesystem operations including creating and moving files to maintain a PARA structure. It also possesses the capability to execute git commit and git push commands to persist these changes to the remote repository. Safety thresholds are defined (<= 10 files) to limit automated impact.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated processing of repository data.
  - Ingestion points: The Repo Survey and Atomic Distillation agents read and analyze the content of all repository files, git history, and the filesystem tree.
  - Boundary markers: The instructions do not specify the use of boundary markers or 'ignore' directives when processing untrusted file content from the repository.
  - Capability inventory: The skill can create files, move files, and push changes to a remote repository via git.
  - Sanitization: No sanitization or validation of the data read from files is described before it is used by agents to generate maintenance plans or create new notes.
Audit Metadata