brain-new
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of routing raw user input to behavioral configuration files.
- Ingestion points: Unstructured user input (tasks, notes, ideas) ingested in the
SKILL.mdtriage process. - Boundary markers: The protocol lacks explicit boundary markers or delimiters to differentiate between data to be stored and instructions to the agent.
- Capability inventory: The skill has permissions to write to sensitive locations such as
Machine/Memory/corrections.mdandMachine/Rules/active-rules.md, which are intended to influence future agent behavior. - Sanitization: There is no evidence of input validation or sanitization to prevent malicious instructions from being persisted in the vault.
Audit Metadata