cognitive-register

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings flagged: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by ingesting and saving user-provided content to the file system.
      • Ingestion points: Content is received from the user via direct input or previous context as described in the registration workflow.
      • Boundary markers: The skill lacks delimiters or warnings that would prevent the agent from obeying instructions embedded within the registered files.
      • Capability inventory: The skill uses Write, Edit, and Bash tools to perform file system operations.
      • Sanitization: The skill normalizes identifiers but does not inspect or sanitize the registered content body for malicious instructions.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool for directory creation. Although the variables used in shell commands are normalized according to defined rules (lowercase, hyphens only), the dynamic construction of commands from user-influenced data constitutes a security surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 12:07 AM