lesson

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted conversation data and uses it to perform impactful actions like updating memory or modifying files.
    • Ingestion points: The 'Scan recent context' step in SKILL.md reads from the active conversation history.
    • Boundary markers: None. The instructions do not define delimiters for user-provided content or warn the agent to ignore instructions found within the conversation context.
    • Capability inventory: The skill has the capability to write to long-term memory and update local files such as SKILL.md and checklists.
    • Sanitization: None. Extracted lessons are stored or written to files without validation, escaping, or filtering.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 03:54 AM