librarian
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown-based instructions for the AI agent and does not include any scripts, binaries, or external code dependencies.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it is designed to ingest and process untrusted data from user-managed log files.
  - Ingestion points: Reads daily journal files (memory/YYYY-MM-DD.md) and the main index (MEMORY.md).
  - Boundary markers: None are present; the instructions do not specify delimiters to isolate content or directives to ignore instructions embedded in the notes.
  - Capability inventory: The skill allows reading and writing markdown files within the memory/ directory structure.
  - Sanitization: None; the skill lacks specific mechanisms to sanitize or validate the content before promoting it to structured memory.
- [SAFE]: No network activity, data exfiltration, or system-level persistence mechanisms were detected. The skill specifically instructs the agent not to store sensitive information like API keys or tokens.