skills/cursor/plugins/reflect/Gen Agent Trust Hub

reflect

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes conversation transcripts which are untrusted data and could contain indirect prompt injection attacks.
  • Ingestion points: Transcript files in JSONL format are loaded from the workspace directory as specified in the SKILL.md process.
  • Boundary markers: All reviewer prompts in the references directory contain explicit instructions to treat transcripts as untrusted and to disregard instructions contained within them.
  • Capability inventory: Reviewer subagents are configured with read-only access to local context via MCP tools. The parent agent handles the capability to modify and create skills.
  • Sanitization: A human-in-the-loop checkpoint is enforced in Step 5, requiring explicit user approval for any and all suggested skill edits before they are applied.
  • [COMMAND_EXECUTION]: The skill utilizes the ls command to retrieve a list of recent transcript files for analysis. This is a functional requirement for locating the correct chat session context and is constrained to the workspace transcript directory.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:38 AM
Security Audit — agent-trust-hub — reflect