tldr-skill
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It generates summaries from conversation history and retrieves them later, potentially allowing malicious instructions embedded in a previous conversation to influence the agent when a tldr is read or updated.\n
- Ingestion points: The skill reads existing tldr markdown files (e.g., in the '01
- Projects/' directory) and the 'memory.md' file at the vault root.\n
- Boundary markers: There are no instructions for the agent to use delimiters or to ignore potential instructions within the retrieved markdown content.\n
- Capability inventory: The agent has the capability to read, write, and delete files, as well as create directories (mkdir).\n
- Sanitization: The skill does not specify any sanitization or validation of the data being retrieved from or written to the vault files.\n- [NO_CODE]: The skill consists entirely of markdown instructions within the SKILL.md file and does not provide or invoke any external scripts or compiled binaries.
Audit Metadata