ai
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill exhibits an indirect prompt injection surface because it uses tools like
cognifyandcodifyto ingest external documents and code repositories into a knowledge graph. If these external sources contain hidden instructions, they could influence the agent's behavior when retrieved via search. \n - Ingestion points:
cognee/tool-usage.md(cognify, codify) \n - Boundary markers: None identified in the skill content. \n
- Capability inventory: Python code execution (as suggested in development patterns) and tool calls (
save_interaction,search). \n - Sanitization: No sanitization or escaping of ingested data is described. \n- [Data Exposure] (SAFE): The skill utilizes a
save_interactiontool to log conversation history. This is a transparently documented feature for building a project-specific knowledge base and is not considered unauthorized data exfiltration based on the provided file context.
Audit Metadata