html-thread-recap
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted text from conversation logs or transcripts, creating an indirect prompt injection surface. Malicious content within the processed data could attempt to manipulate the summary or influence the agent's output logic.
  - Ingestion points: Conversation context or user-pasted transcripts processed by instructions in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used.
  - Capability inventory: Local file system write access to ~/artifacts/ as described in SKILL.md.
  - Sanitization: No input validation or sanitization is performed on the source text.
Audit Metadata