notes-revision
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data into the agent's context during the revision process.
  - Ingestion points: The agent ingests data from two primary untrusted sources: the user's local study notes (Acquire Context) and external web content retrieved via search and fetch tools (Initial Verification Phase).
  - Boundary markers: The instructions in SKILL.md define neither delimiters around the input data nor instructions telling the agent to disregard or isolate potentially malicious commands embedded in it.
  - Capability inventory: The skill can read local files and perform network requests (WebSearch, WebFetch), which could be exploited if an injection leads the agent to perform unauthorized actions.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content ingested from the notes or the internet before it is processed by the agent or its subagents.
Audit Metadata