barry-onboarding
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads the content of ~/.barry-english/profile.md to determine the user's progress and select the appropriate onboarding path. This ingestion of local data creates a potential attack surface if the file is modified by an untrusted external process.
  - Ingestion points: Step 0 reads state from ~/.barry-english/profile.md.
  - Boundary markers: The skill uses structural markdown anchors (e.g., ## Section [1-4]) but lacks explicit delimiters or instructions to ignore embedded commands within those sections.
  - Capability inventory: The skill can invoke other functional skills (barry-profile, barry-assessment, barry-solution) and informs the user about existing executable scripts like Barry-Quiz.command.
  - Sanitization: There is no evidence of sanitization or content filtering for the data read from the profile file before it is interpreted by the agent.