note-improvement
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by recording untrusted input into the project file system. Subsequent processes or agents reading the improvements backlog could be influenced by malicious instructions embedded in the captured notes. * Ingestion points: Improvement descriptions gathered from user arguments and workspace context (SKILL.md). * Boundary markers: The skill defines a markdown structure for entries but lacks explicit delimiters or instructions to ignore embedded commands within those entries (SKILL.md). * Capability inventory: File system read and write operations to project files (SKILL.md). * Sanitization: No validation or escaping is performed on the input before appending it to the backlog file (SKILL.md).
Audit Metadata