flashcards
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection due to its processing of external note content.
  - Ingestion points: Data enters the agent context via 'Read' and 'Grep' tools when analyzing file paths or vault topics (SKILL.md).
  - Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore embedded instructions within the source notes.
  - Capability inventory: The skill possesses 'Edit' and 'Read' tools, which allow it to modify the file system based on interpreted content.
  - Sanitization: Absent. There is no logic to escape or validate content before it is processed by the model for card generation.