hmos-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected through data ingestion and file modification.
- Ingestion points: The skill is designed to read user-provided
.etssource files and contents fromreferences/error-log.md. - Boundary markers: Absent. The instructions do not specify delimiters or safety warnings to distinguish between instructions and data when processing external file content.
- Capability inventory: The agent uses
Grepfor searching files andEditfor writing/appending toreferences/error-log.md. - Sanitization: Absent. User-provided error messages and code snippets are recorded into the long-term
error-log.mdwithout validation or escaping, which could lead to persistent instruction injection in future sessions. - [COMMAND_EXECUTION] (SAFE): The skill references running compilation commands as part of the development workflow. This behavior is consistent with the primary purpose of a development tool and is gated by a reference guide.
Audit Metadata