maestro-note
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a persistent memory system where 'Priority Context' is automatically injected into every future session and implementation run. This creates a surface for Indirect Prompt Injection. If malicious instructions are stored in the notepad (e.g., via a compromised file processed by the agent), these instructions would be re-injected into the agent's context in subsequent runs.
  - Ingestion points: .maestro/notepad.md (Priority Context section).
  - Boundary markers: None specified to distinguish injected instructions from system prompts.
  - Capability inventory: The skill performs file read/write operations on .maestro/notepad.md and references other implementation tools.
  - Sanitization: No sanitization or validation of the note content is performed before injection.
- [COMMAND_EXECUTION]: The skill performs local file system operations, including directory creation (.maestro/) and file manipulation (reading, appending, and writing to .maestro/notepad.md). These are standard operations for its intended purpose of maintaining a persistent notepad.
Audit Metadata