cocoscout
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill automatically injects data from local files into the agent's startup context, creating a surface for indirect prompt injection.
- Ingestion points: Content is read from .cocoplus/grove/patterns/, .cocoplus/context/, .cocoplus/snapshots/, and .cocoplus/prompts/.
- Boundary markers: Injected content is enclosed in a structured markdown block with a specific header, though it lacks strong instructions to ignore potentially malicious embedded content.
- Capability inventory: The skill has file system read access to the .cocoplus directory and writes logs to .cocoplus/hook-log.jsonl. It does not possess network or code execution capabilities.
- Sanitization: The skill ranks files by relevance but does not sanitize or escape the content of the files before injection.
- Concealment: The skill operates silently without notifying the user during the execution phase, which reduces visibility into what content is being loaded.
Audit Metadata