preference-frequency-manager

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its requirement to process external data, which it mitigates through explicit instructions.
  • Ingestion points: The skill reads data from Email Service Provider (ESP) exports, CSV files, and web analytics data as described in the 'Instructions' and 'Data Sources' sections.
  • Boundary markers: The instructions include a specific 'Instructions' header and a 'SECURITY.md' reference that explicitly commands the agent to treat fetched files as untrusted and to ignore instructions embedded in those files.
  • Capability inventory: The skill has permissions to write to local markdown memory files and read from related internal skill files; it does not have capabilities for arbitrary command execution or network exfiltration.
  • Sanitization: The skill relies on natural language instructions for the agent to maintain safety boundaries when interpolating untrusted data into its design process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:34 AM
Security Audit — agent-trust-hub — preference-frequency-manager