self-reflection
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: Accesses sensitive files located in ~/.config/alma/chats/, which contain private 1-on-1 chat history, and ~/.config/alma/SOUL.md, which stores the agent's personality traits.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes raw logs from group and private chats.
  1. Ingestion points: Log files in ~/.config/alma/groups/ and ~/.config/alma/chats/.
  2. Boundary markers: Minimal headers are used to separate logs, but no specific delimiters or instructions exist to prevent the model from following commands found within those logs.
  3. Capability inventory: The skill has access to the Bash and Write tools, allowing it to modify files or execute system commands based on the reflection process.
  4. Sanitization: No content filtering or validation is performed on the ingested log data.
- [COMMAND_EXECUTION]: Uses Bash to iterate through and read multiple log files, which could lead to unintended file access if path variables are compromised.