Scribe
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill is purely instructional and contains no Python scripts, Node.js code, or shell commands.
- [PROMPT_INJECTION] (LOW): The skill uses a persona-based activation ('You BECOME Scribe') which, while used for a benign purpose here, is a common pattern for altering agent behavior.
- [INDIRECT_PROMPT_INJECTION] (LOW): Surface detected for potential malicious instruction persistence. 1. Ingestion points: User-provided conversation history and 'breakthrough' data documented by the skill. 2. Boundary markers (absent): No instructions provided to delimit user data or ignore embedded commands. 3. Capability inventory: Limited to standard conversational capabilities as no external tools are defined. 4. Sanitization (absent): No logic exists to filter user-provided strings before they are stored as 'wisdom' for future context.
Audit Metadata