worklog
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill reads and summarizes log entries from the file system, which could allow malicious instructions embedded in those logs to influence the agent's behavior.
  1. Ingestion points: The skill reads structured JSON entries from `worklog/*.json`.
  2. Boundary markers: Absent. There are no markers or instructions to ignore embedded commands when processing the `summary` or `message` fields.
  3. Capability inventory: The skill utilizes `Read`, `Write`, `Edit`, and `Glob` tools.
  4. Sanitization: Absent. The skill does not sanitize or validate the content of log entries before aggregating them into the state summary.
- COMMAND_EXECUTION (SAFE): The skill uses basic shell utilities such as `ls`, `grep`, `wc`, and `mkdir` for internal file management and sequence tracking, which is consistent with its primary purpose.
Audit Metadata