reflect
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design.
- Ingestion points: Processes the entire conversation history as input for 'learnings' and updates to the 'brain'.
- Boundary markers: No specific delimiters or safety instructions are defined to distinguish between user intent and data content within the conversation scan.
- Capability inventory: The skill has the authority to write to the brain/ directory and modify other skill files in .agents/skills/.
- Sanitization: There is no evidence of sanitization or validation of the extracted 'learnings' before they are written to persistent storage. An attacker could potentially embed malicious instructions in a conversation that the agent then 'reflects' into its long-term instructions.
Audit Metadata