agent-line
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to read and process message content from external LINE users, which could contain malicious instructions.
- Ingestion points: External messages are ingested into the agent context via the
agent-line message listcommand and SDK-based listeners as documented inSKILL.md,templates/chat-summary.sh, andreferences/common-patterns.md. - Boundary markers: No explicit delimiters (e.g., XML tags or backticks) or "ignore embedded instructions" warnings are implemented in the provided templates or instructions to isolate external message text from the agent's core instructions.
- Capability inventory: The agent has the capability to execute shell commands via the
agent-linetool (configured inallowed-tools), perform network operations through the binary, and manage a persistent local memory file at~/.config/agent-messenger/MEMORY.md. - Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved message content before it is presented to the agent or processed by the provided scripts.
Audit Metadata