about-me
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. User-provided content (writing samples and opinions) is stored in a permanent file (ABOUT-ME.md) intended for consumption by other skills. If this user-provided content contains malicious instructions, downstream skills reading the file might execute them.
  - Ingestion points: User brain dump and writing samples (social media posts, emails) provided during interaction.
  - Boundary markers: The generated ABOUT-ME.md template lacks specific delimiters or 'ignore' instructions for the content it contains.
  - Capability inventory: The skill performs file-write operations to the project root to store the profile.
  - Sanitization: No sanitization or validation is performed on the user-provided text before writing it to the file.
- [SAFE]: No suspicious network activity, external downloads, or command execution patterns were detected. All operations are confined to the local environment and the intended personalization purpose.
Audit Metadata