skills/kashyab12/uni-pstack/reflect/Gen Agent Trust Hub

reflect

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands (ls) to search for and identify the most recent conversation transcript files within the project environment.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted data from conversation transcripts, creating an indirect prompt injection surface (Category 8).
  • Ingestion points: Conversation transcript files in .jsonl format are read and passed to parallel reviewer subagents for analysis.
  • Boundary markers: Subagent prompts in the references/ directory contain explicit instructions to treat transcripts as untrusted data and ignore any embedded directives or instructions framed as user or system commands.
  • Capability inventory: The parent agent maintains file system write access for skill modification, while the reviewing subagents are restricted to read-only MCP tool access for context verification.
  • Sanitization: The security of the skill relies heavily on a mandatory human-in-the-loop approval step (Step 5), where the user must manually review and authorize any proposed skill edits before they are applied to the system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 04:47 PM