scratchpad
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill creates a surface for Indirect Prompt Injection (Category 8). As a working memory tool, it allows the agent to store and retrieve free-form text which may contain untrusted data that could influence subsequent agent reasoning.
- Ingestion points: SCRATCHPAD.md (via read_file tool).
- Boundary markers: No delimiters or 'ignore instructions' warnings are present.
- Capability inventory: read_file and write_file tools provide file system access.
- Sanitization: No sanitization or validation of the ingested content is defined.
- Self-referential Content (LOW): The skill-snitch-report.md file contains a self-authored security assessment with biased verdicts ('Risk Level: ZERO', 'APPROVE') that attempt to influence the judgment of an auditor, characteristic of Category 8e.
Audit Metadata