mastermind-logger
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to create directories and write timestamped markdown files to the local file system under the
docs/knowledgelib/path. It explicitly instructs the agent to skip user permission for these operations ("Do not ask for permission"), which reduces user oversight of file system modifications. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests conversation history to generate a knowledge base intended to influence future agents.
- Ingestion points: The agent scans conversation history and the current file context for decisions, constraints, and learnings.
- Boundary markers: The skill uses markdown structural headers (e.g., "## Key Decisions") but does not include explicit instructions for future agents to ignore or sanitize embedded commands within the logs.
- Capability inventory: The skill possesses the capability to write files to the disk autonomously.
- Sanitization: There is no evidence of sanitization, escaping, or validation logic to ensure that malicious instructions within the session history are not persisted as authoritative "learnings" for future sessions.
Audit Metadata