note
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill manages a '.omx/notepad.md' file where 'Priority Context' is 'Always injected on session start'. This creates a persistent attack surface where malicious instructions saved to the notepad could compromise the agent's behavior in future sessions. 1. Ingestion points: Input processed via '/note' commands. 2. Boundary markers: None specified in the documentation. 3. Capability inventory: Local file write and automatic session context injection. 4. Sanitization: No sanitization or validation of note content is described.
- No Code (INFO): The skill contains only documentation (SKILL.md) and no executable scripts or configuration files for direct audit. Logic for file handling and session injection is assumed to be handled by the host environment.
Audit Metadata