glean
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted markdown data from the local filesystem, creating a potential surface for indirect prompt injection. Evidence: 1. Ingestion points: The workflow reads files from 'Areas/AI/Memory/**/.md' and 'Areas/AI/Collaboration/Sessions/.md' as defined in SKILL.md. 2. Boundary markers: No delimiters or isolation markers are defined to separate ingested data from agent instructions. 3. Capability inventory: The skill is restricted to textual output and lacks high-risk capabilities like network access, file writing, or command execution. 4. Sanitization: There is no evidence of sanitization or validation of the content within the ingested markdown files.
Audit Metadata