stocktake
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a maintenance tool designed for local auditing and reporting on skill inventory; it lacks network access and does not perform data exfiltration.
- [SAFE]: Strong human-in-the-loop controls are implemented, specifically requiring user confirmation before confirming any retire, merge, or archive recommendations.
- [PROMPT_INJECTION]: The skill processes untrusted content from the `skills/` directory during its evaluation phase, creating a surface for indirect prompt injection where a malicious skill could attempt to bias or manipulate audit outcomes.
  - Ingestion points: The skill enumerates and reads the content of all SKILL.md files and other reference files within the `skills/` directory.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the instructions dispatched to the evaluation agent.
  - Capability inventory: The skill is capable of reading local file metadata and content, and writing evaluation results to a JSON cache file (`skills/stocktake/results.json`).
  - Sanitization: Skill contents are processed and evaluated without sanitization or validation of the input data.
Audit Metadata