forgotten-elements-reminder
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWSAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted external data (story files and JSON trackers).
- Ingestion points: Processes
character-state.json,plot-tracker.json, and story text viaReadandGreptools. - Boundary markers: No specific delimiters or instructions are defined to separate user story content from system instructions.
- Capability inventory: Limited to
ReadandGrep. The skill cannot modify files, execute code, or access the network. - Sanitization: No sanitization of external content is described.
- Risk Assessment: Since the skill's capabilities are restricted to information retrieval and reporting, the maximum impact of a successful injection is misleading the agent's internal reasoning or providing false reminders to the user.
- [Privilege Escalation] (SAFE): No requests for elevated permissions or use of restricted commands detected.
- [Data Exfiltration] (SAFE): No network capabilities or tools that would allow for the transmission of sensitive story data to external domains are present.
Audit Metadata