reflect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted session history to extract and store memories, creating an attack surface where malicious session content could influence the agent's summary or storage logic. 1. Ingestion points: Review of session conversation history in SKILL.md. 2. Boundary markers: Absent; no specific delimiters or warnings are provided to the agent to distinguish session data from its internal instructions. 3. Capability inventory: Writing files to the local filesystem (Areas/AI/Memory/). 4. Sanitization: Absent; the agent is not instructed to escape or validate data extracted from the session.
- [No Executable Code] (SAFE): The skill contains no scripts, binaries, or external dependencies. It relies entirely on instructions to the LLM.
Audit Metadata