post-mortem
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODEEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface. The skill fetches chat exports from external URLs using WebFetch. Malicious content in these exports could influence the agent to suggest harmful changes to local configuration. 1. Ingestion points: Phase 1 (URL fetching in SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Phase 4 (Writing to .cursorrules and modifying skill files in SKILL.md). 4. Sanitization: Absent, relies on user manual confirmation.
- [EXTERNAL_DOWNLOADS] (LOW): Installation instructions in README.md point to an untrusted GitHub user 'walterra'.
- [NO_CODE] (SAFE): No executable scripts or binaries are present; the skill is entirely markdown-based instructions.
Audit Metadata