dream
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches content from external sources defined in the
sources:metadata field of markdown notes (Step 8) to refresh stale information. This involves outbound network requests to arbitrary URLs found within the processed data. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks (Category 8) because it ingests and processes untrusted data from external URLs and inbox files to update the knowledge base.
- Ingestion points: Data enters the context via the
raw/inbox/*files (Step 3) and external URLs fetched during the refresh phase (Step 8). - Boundary markers: There are no specific instructions or delimiters mentioned to prevent the agent from following instructions embedded within the ingested data.
- Capability inventory: The skill possesses the ability to write, modify, and delete local files, as well as perform network operations to fetch data.
- Sanitization: The instructions do not specify any validation, sanitization, or filtering of the content retrieved from external sources before it is used to update local notes.
Audit Metadata