cortex-query

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill performs read and write operations on local JSON and JSONL files within the ~/.cortex directory. This behavior is consistent with its stated purpose of managing a 'Knowledge Cortex' database.
  • [SAFE]: Analysis of the Python script confirms that no external network requests are made. Data is only processed locally and output to the terminal.
  • [SAFE]: No third-party dependencies are required beyond the Python standard library, and no remote code execution patterns were identified.
  • [PROMPT_INJECTION]: The skill processes communication summaries and facts which may contain content from untrusted external sources (e.g., email subjects found in communications.jsonl). There are no explicit boundary markers used when displaying this data to the agent. However, since the skill lacks dangerous capabilities like network exfiltration or system command execution, the risk of indirect prompt injection is minimal.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 07:02 PM