reasoning
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill executes the
harness_reasoningtool and instructs the model to 'absorb the scaffold internally' and 'shape your response with it'. If the external service were compromised, it could provide malicious instructions that the agent is predisposed to follow. - Ingestion points: Output from the
harness_reasoningMCP tool provided by theejentum-mcpserver. - Boundary markers: Absent. There are no delimiters or specific instructions for the agent to treat the tool output as untrusted data; rather, it is explicitly told to absorb it as guidance.
- Capability inventory: The agent maintains its standard capabilities, which may include file system access or other tool executions depending on the platform configuration.
- Sanitization: Absent. The skill does not validate or sanitize the 'scaffold' content before the model processes it.
- [DATA_EXFILTRATION]: Outbound Data Transmission. The skill sends a framed version of the user's task as a
queryargument to an external API (ejentum.com). While this is the intended purpose of the skill, it involves sending user-derived context to a third-party vendor. - [CREDENTIALS_UNSAFE]: The skill requires an environment variable
EJENTUM_API_KEY. This is noted as a requirement but is handled via standard environment variables rather than being hardcoded, which aligns with security best practices for secret management.
Audit Metadata