dream

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external sources defined in the sources: metadata field of markdown notes (Step 8) to refresh stale information. This involves outbound network requests to arbitrary URLs found within the processed data.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks (Category 8) because it ingests and processes untrusted data from external URLs and inbox files to update the knowledge base.
  • Ingestion points: Data enters the context via the raw/inbox/* files (Step 3) and external URLs fetched during the refresh phase (Step 8).
  • Boundary markers: There are no specific instructions or delimiters mentioned to prevent the agent from following instructions embedded within the ingested data.
  • Capability inventory: The skill possesses the ability to write, modify, and delete local files, as well as perform network operations to fetch data.
  • Sanitization: The instructions do not specify any validation, sanitization, or filtering of the content retrieved from external sources before it is used to update local notes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 03:11 AM
Security Audit — agent-trust-hub — dream