filing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary function involves reading untrusted content from local and cloud directories, which is a vector for indirect instructions. \n
- Ingestion points: Files in
~/Downloads,Desktop, and Google Drive inbox as specified inREADME.md, plus external Google Docs URLs mentioned in the field report. \n - Boundary markers: Absent; the documentation does not indicate use of delimiters or 'ignore instructions' warnings for file processing. \n
- Capability inventory: Includes file system operations (move, rename, delete) and external API integration (Todoist). \n
- Sanitization: No mention of validation or escaping for extracted content. \n- No Executable Code (SAFE): The provided files are documentation and field reports only; no functional code scripts or instruction files were included in the analysis.
Audit Metadata