sleep-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its architecture for processing external health data. \n
- Ingestion points: The skill ingests data from multiple potentially untrusted sources, including 'sleep-tracker.json', 'fitness-tracker.json', 'diet-records/', and 'mood-tracker.json' via the Read, Grep, and Glob tools. \n
- Boundary markers: The instructions lack explicit boundary markers or delimiters that would inform the agent to ignore any natural language instructions embedded within the health records. \n
- Capability inventory: The skill is granted 'Write' access to the file system, which provides a functional capability that could be exploited if an injection attack were successful. \n
- Sanitization: There is no description of data validation or sanitization logic to verify the integrity of the records before they are processed by the agent.
Audit Metadata