tcm-constitution-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its data ingestion process. It reads external health tracking files that could contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: Accesses untrusted content from 'data-example/profile.json', 'data-example/nutrition-tracker.json', 'data-example/fitness-tracker.json', and 'data-example/sleep-tracker.json'.
  - Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the processed data.
  - Capability inventory: The agent has 'Read' and 'Write' tool access to the local file system.
  - Sanitization: No input validation or sanitization is performed on the ingested data.