anchor-sheet
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a data ingestion surface that could be exploited via indirect prompt injection.
  - Ingestion points: Reads untrusted external data from `outline/evidence_drafts.jsonl` via the `read_jsonl` utility in `run.py`.
  - Boundary markers: Absent. Extracted excerpts are placed directly into `outline/anchor_sheet.jsonl` without delimiters or 'ignore' instructions.
  - Capability inventory: The script has the capability to write to the local filesystem (`write_jsonl`), but no network or execution capabilities.
  - Sanitization: No sanitization is performed to detect or strip instruction-based text (e.g., 'Ignore previous instructions'); the script only filters for numeric presence or specific keywords. While the risk to this script is negligible, the output is intended for a downstream 'writer' agent that is told to treat these anchors as 'must-use hooks', creating a potential path for data-driven influence.
- [Data Exposure & Exfiltration] (SAFE): The script explicitly restricts file operations to the provided workspace and contains no network-related code (no `requests`, `curl`, or `socket` usage), supporting the 'Network: none' claim in the metadata.
Audit Metadata