agents-md-guide
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill includes a dedicated 'Red Lines' section in its template that explicitly prohibits the agent from exfiltrating private data and performing destructive actions without human confirmation.
- [COMMAND_EXECUTION]: The AGENTS_TEMPLATE.md file provides instructions for using the 'nanobot cron' command to schedule persistent reminders and periodic tasks.
- [PROMPT_INJECTION]: The template uses assertive language in its startup instructions, such as 'Don't ask permission. Just do it' and 'Follow it... then delete it', which are patterns often associated with overriding safety guidelines, even if used here for functional configuration.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by requiring the agent to ingest and obey instructions from external files.
  1. Ingestion points: BOOTSTRAP.md, SOUL.md, USER.md, HEARTBEAT.md, and daily log files.
  2. Boundary markers: absent; files are read and followed directly.
  3. Capability inventory: the agent is granted file-write permissions and cron-scheduling capabilities.
  4. Sanitization: no sanitization or validation of the ingested file content is performed.
- [SAFE]: The skill employs conditional logic ('if exists') for all optional components like memory and heartbeat monitoring, ensuring stable operation when these files are missing.
Audit Metadata