librarian

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes daily files (memory/YYYY-MM-DD.md) which may contain untrusted content from outside sources.
      • Ingestion points: The skill reads daily files, MEMORY.md, and various structured files in subdirectories (people, projects, topics, decisions).
      • Boundary markers: No specific delimiters or safety warnings are used to distinguish between trusted user instructions and potentially untrusted data within the notes.
      • Capability inventory: The agent has the ability to read, create, update, and delete markdown files within the targeted directory structure (memory/).
      • Sanitization: There is no evidence of content validation or sanitization before the information is processed or moved to other files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 11:00 PM