reflect
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill analyzes conversation history which contains untrusted user input, creating a potential surface for indirect prompt injection. However, this is mitigated by the skill's design, which requires explicit user approval via 'AskUserQuestion' before executing any suggested actions.
  - (1) Ingestion points: Conversation history scan in Step 0.
  - (2) Boundary markers: Not explicitly defined in instructions.
  - (3) Capability inventory: Update 'MEMORY.md', create new skill files, and open tasks.
  - (4) Sanitization: Relies on human-in-the-loop validation of generated proposals.
- [Data Exposure & Exfiltration] (SAFE): The skill processes internal conversation logs and interacts with local memory files. No network operations, external API calls, or data exfiltration patterns were detected.
- [Command Execution] (SAFE): While the skill can create or modify files, these actions are performed using standard agent tools and are subject to user review and approval. No arbitrary or malicious command execution patterns were found.
Audit Metadata