preference-frequency-manager
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its requirement to process external data, which it mitigates through explicit instructions.
- Ingestion points: The skill reads data from Email Service Provider (ESP) exports, CSV files, and web analytics data as described in the 'Instructions' and 'Data Sources' sections.
- Boundary markers: The instructions include a specific 'Instructions' header and a 'SECURITY.md' reference that explicitly commands the agent to treat fetched files as untrusted and to ignore instructions embedded in those files.
- Capability inventory: The skill has permissions to write to local markdown memory files and read from related internal skill files; it does not have capabilities for arbitrary command execution or network exfiltration.
- Sanitization: The skill relies on natural language instructions for the agent to maintain safety boundaries when interpolating untrusted data into its design process.
Audit Metadata