agent-access-control
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it handles external message data.
- Ingestion points: Untrusted sender messages from messaging platforms are processed within the agent's context as described in SKILL.md.
- Boundary markers: The instructions do not specify any boundary markers or delimiters for stranger content, allowing potential confusion between data and instructions.
- Capability inventory: The skill allows the agent to modify its own configuration file at memory/access-control.json and adjust user permissions based on perceived owner commands (SKILL.md).
- Sanitization: No programmatic sanitization or validation of message content is defined, meaning malicious text could be interpreted as an approval command.
Audit Metadata