skills/lalulali/vespyr/design/Gen Agent Trust Hub

design

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: In SKILL.md, the skill utilizes the @executor tool to run project-internal Node.js scripts for state synchronization (orchestrator_state.js) and document graph maintenance (ensure_graph.js). These commands use static local paths and perform routine administrative tasks within the agent's environment.
  • [PROMPT_INJECTION]: In SKILL.md, the skill is susceptible to indirect prompt injection due to its core function of processing external data.
  • Ingestion points: Reads discovery and research artifacts from the artifacts/ directory (Step 1, Step 2).
  • Boundary markers: No explicit delimiters are used to wrap the ingested artifact content in the instructions.
  • Capability inventory: Includes file system writes, memory persistence via @memory-controller, and local script execution via @executor (Step 4, State Machine Integration).
  • Sanitization: Input markdown is processed as-is without validation for embedded instructions.
  • [SAFE]: The identified behaviors are integral to the skill's function as a pipeline coordinator and do not represent malicious activity.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 02:25 AM