Trace
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze external user session logs and event streams, which represents a surface for indirect prompt injection where malicious instructions could be embedded in data.
- Ingestion points: The skill collects session logs and event streams during the 'Collect' phase as described in `SKILL.md` and `references/session-analysis.md`.
- Boundary markers: The instructions lack explicit structural delimiters or 'ignore' directives to isolate untrusted session data from the agent's core instructions.
- Capability inventory: The skill's capabilities are restricted to generating narrative reports and collaborating with other specialized agents; it is explicitly forbidden from implementing code or making unauthorized simulations.
- Sanitization: The `references/session-analysis.md` file contains robust privacy best practices, including instructions to anonymize identifiers and mask PII such as emails and addresses before processing.
Audit Metadata