crucible-navigator
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'Self-Evolving' design where the agent is instructed to modify the skill's own
TRIGGERSlist and routing table based on user interactions. - Ingestion points: User intent signals provided during session interactions enter the context to evaluate routing accuracy.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between valid user intent and adversarial instructions intended to poison the routing table.
- Capability inventory: The skill allows
Read,Glob, andGreptools. While the markdown instructions direct the agent to 'Edit this file in-place', the YAML configuration restricts tools to read-only operations, mitigating the risk of persistent instruction poisoning. - Sanitization: No sanitization or validation logic is defined for the updates made to the routing table.
- [SAFE]: The skill references local repository landmarks (e.g.,
findings/evolution/evolution.jsonl,findings/evolution/audits/) to maintain a research ledger. These operations are consistent with the stated purpose of research campaign management and do not involve sensitive system paths or credentials.
Audit Metadata