note-writer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted content from external PDFs, which could contain malicious instructions designed to manipulate the agent's behavior during the note-writing process.
- Ingestion points: External source materials (PDF content) provided via the
pdf-readerskill. - Boundary markers: Absent; untrusted data is directly interpolated into markdown variables such as
{objective}and{results}without delimiters. - Capability inventory: The skill is capable of writing markdown files to the
notes/directory structure. - Sanitization: No explicit sanitization, validation, or escaping of ingested source content is implemented before it is stored on the filesystem.
Audit Metadata