tcm-constitution-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection via user-controlled data.
  - Ingestion points: the skill processes information from 'profile.json', 'nutrition-tracker.json', 'fitness-tracker.json', and 'sleep-tracker.json'.
  - Boundary markers: absent. There are no explicit boundary markers or 'ignore embedded instructions' warnings for these data sources.
  - Capability inventory: Write tool. The skill has the capability to write to the file system.
  - Sanitization: absent. No explicit sanitization or validation of the external content is mentioned in the logic.
Audit Metadata