mind-mirror
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive file paths, environment variables, or hardcoded credentials detected. No network calls or exfiltration patterns identified.\n- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill consists entirely of data (YAML/Markdown) and does not include package managers or remote code execution patterns like piped shell commands.\n- [Obfuscation] (SAFE): Content is transparent and uses no Base64, zero-width characters, or homoglyphs to hide intent.\n- [Indirect Prompt Injection] (LOW):\n
- Ingestion points: User-controlled variables 'name' and 'primary_goal' are interpolated into the EXTENSIONS.yml file.\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present.\n
- Capability inventory: The skill provides no executable scripts, tool calls, or network access points.\n
- Sanitization: No validation or sanitization of the input fields is evidenced.\n
- Conclusion: While an injection surface exists, the risk is minimized by the skill's lack of functional capabilities (least privilege).
Audit Metadata