secondme-prd
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill updates the
.secondme/state.jsonconfiguration file with content derived from user dialogue. - Ingestion points: User input collected via the
AskUserQuestiontool and existing data within the.secondme/state.jsonfile. - Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded within the user-provided text.
- Capability inventory: File system modification access specifically for the
.secondme/state.jsonfile. - Sanitization: Absent; user-provided descriptions for goals, users, and features are directly written into the JSON structure without filtering.
- Risk Context: While the skill's primary function is state management, the lack of sanitization allows for potential injection into a file that downstream tools (such as the mentioned
/secondme-nextjscode generator) may process, potentially leading to unintended behaviors in subsequent steps.
Audit Metadata