Lambda
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Prompt Injection (MEDIUM): The skill implements a 'Compound Loop' (K to K') that extracts principles and insights from user interactions to update its persistent knowledge base. This creates an indirect prompt injection vector where an attacker could provide deceptive 'insights' designed to be internalized as new logic, potentially subverting the agent's future behavior or reasoning accuracy.
- Dynamic Logic (MEDIUM): The routing and execution pipeline (R0-R3) and skill composition operators are dynamically determined at runtime based on the evolving knowledge base. This complexity makes the agent's behavior less predictable and harder to audit, as the 'improvement' logic could be used to persist malicious reasoning patterns across sessions.
Audit Metadata