cledon
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected through untrusted data ingestion.\n
- Ingestion points: Tools such as
get-run-statusandget-run-historyretrieve call transcripts and test results from external voice interactions (SKILL.md).\n - Boundary markers: The skill definition does not include instructions for delimiters or ignore-behavior to isolate external transcript content.\n
- Capability inventory: No subprocess calls, dynamic code execution (eval/exec), file-system writes, or network operations are present, as the skill contains no executable scripts.\n
- Sanitization: There is no mention of sanitization, filtering, or escaping for the ingested transcript data.\n- [NO_CODE]: The skill package is comprised solely of a markdown definition file (SKILL.md) and does not ship with any executable scripts, binaries, or logic files.
Audit Metadata