urf
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill identifies a significant attack surface for indirect prompt injection via its query processing logic.
  - Ingestion points: User queries are ingested by the `scripts/classify.py` script to calculate complexity scores and determine tool orchestration pipelines (R0-R3).
  - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to disregard instructions embedded within the user-provided data.
  - Capability inventory: The framework possesses capabilities to orchestrate multiple tools, including `exa:web_search` and `infranodus`, and execute multi-step reasoning holons (DEC, EVL, PAT, etc.).
  - Sanitization: There is no evidence of input sanitization or content validation performed on the query before it influences the reasoning flow.
- Command Execution (SAFE): While reference documentation (`references/emergency.md` and `references/performance.md`) contains pseudocode describing low-level operations like firewall rules and process sandboxing, these are conceptual descriptions of the framework's architecture and are not implemented as executable commands within the skill's scripts.
- Obfuscation (SAFE): The use of Greek characters and mathematical symbols (e.g., λ, ο, τ, η) is consistent with the framework's lo.t calculus theme and is used for notation rather than to hide malicious code.
Audit Metadata