distill
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill utilizes vendor-specific tools (oh_search_context) and local directories (.oh/) to manage knowledge entries, which is consistent with its stated purpose and the author's ecosystem.
- [PROMPT_INJECTION]: The skill processes historical session logs and stored knowledge, creating a surface for indirect prompt injection. 1. Ingestion points: Historical session history and .oh/metis/ files via the oh_search_context tool. 2. Boundary markers: No explicit delimiters are specified for ingested content. 3. Capability inventory: Writing markdown files to .oh/metis/ and .oh/guardrails/. 4. Sanitization: Mandatory human-in-the-loop review for all proposed modifications; the skill is explicitly designed to never auto-promote or auto-delete entries, requiring the user to validate all content and actions.
Audit Metadata