rules-capture
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill was evaluated for indirect prompt injection risks as it ingests user input to modify agent guidelines.
  - Ingestion points: User conversation history matching rule-detection regexes in SKILL.md.
  - Boundary markers: The skill uses markdown blockquotes and headers to encapsulate user input.
  - Capability inventory: Persistence is achieved via file-write operations to the .agents/SYSTEM/ directory.
  - Sanitization: A mandatory human-in-the-loop confirmation step ensures users must explicitly approve captured rules.
- [DATA_EXFILTRATION]: No network operations or external data transfer mechanisms were detected. The skill only writes to local configuration files.
- [REMOTE_CODE_EXECUTION]: No remote scripts, package installations, or dynamic code execution patterns were found.
Audit Metadata