inbox-process
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. * Ingestion points: The skill reads all file contents from the inbox folder for analysis (SKILL.md). * Boundary markers: Absent; no delimiters are used to separate untrusted note content from the agent's internal instructions. * Capability inventory: Moving and deleting files within the local filesystem (SKILL.md). * Sanitization: Absent; the skill relies on the user to verify suggestions, though the optional 'quick' parameter increases risk by assuming consent unless the user objects.
- [SAFE]: No network activity, hardcoded credentials, or remote code execution patterns were identified in the skill instructions.
Audit Metadata