robust-first
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The 'Robust-First' protocol (SKILL.md) directs the agent to ingest potentially malformed or corrupted data files (such as ROOM.yml) to perform local repairs and maintain system state. This ingest-and-repair loop presents a surface where instructions hidden within corrupted data could influence the agent's logic during recovery operations. Evidence: 1. Ingestion points: Periodic scanning and reading of state files (SKILL.md). 2. Boundary markers: Absent; the protocol emphasizes 'charitable' and 'liberal' parsing (Postel's Law). 3. Capability inventory: 'read_file' and 'write_file' tools are requested to facilitate repairs. 4. Sanitization: Absent; the logic focuses on reconstruction rather than validation.
- [No Code] (SAFE): The skill contains no executable scripts (Python, JavaScript, shell), binaries, or package manifests, significantly limiting the risk of direct remote code execution or persistence.
Audit Metadata