reflect
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its session review process.
- Ingestion points: Step 1 in "SKILL.md" instructs the agent to scan the "full conversation" to identify findings.
- Boundary markers: The instructions do not define delimiters or markers to isolate conversation data, potentially allowing embedded instructions to be executed.
- Capability inventory: The skill uses the "Write" tool to persist data to the filesystem and has the ability to propose and create new skills.
- Sanitization: No sanitization or validation of the ingested conversation transcript is specified.
- Mitigation: Mandatory human-in-the-loop checkpoints require user approval before the agent saves memory items or applies skill modifications.
Audit Metadata