skills/laststance/skills/load/Gen Agent Trust Hub

load

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface, as it is instructed to ingest and follow instructions found within external data (Serena MCP memories). However, this is an intended functional behavior for a state-loading skill.
      • Ingestion points: Memory keys retrieved via list_memories and specific CRITICAL_* or session_* entries in SKILL.md.
      • Boundary markers: None specified to differentiate between data and embedded instructions in the memories.
      • Capability inventory: The skill maps to standard capabilities including file editing, shell access, and web search.
      • Sanitization: No explicit sanitization of loaded memory content is described.
  • [COMMAND_EXECUTION]: The skill defines compatibility mappings for agent tools like Bash and WebSearch, but does not execute arbitrary shell commands or perform unsafe operations itself.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 04:18 PM