about-me
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing untrusted user data into a profile file read by other skills.\n
- Ingestion points: Untrusted data is collected from the user in 'SKILL.md' during the 'brain dump' (Step 1) and the request for writing samples (Step 1.5).\n
- Boundary markers: Absent. The instructions do not specify the use of delimiters (such as XML tags or triple backticks) to isolate user-provided content.\n
- Capability inventory: The skill writes to 'ABOUT-ME.md' and instructs subsequent agent actions to read and follow the data in this file for personalization.\n
- Sanitization: Absent. No logic is provided to sanitize or escape user-provided text before it is written to the output file.
Audit Metadata