agentation-watch-mode
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it continuously ingests and processes external data from the agentation_agentation_watch_annotations tool.
- Ingestion points: The agentation_agentation_watch_annotations tool in SKILL.md fetches user-provided annotations from an external browser session.
- Boundary markers: The skill lacks explicit instructions or delimiters to isolate the annotation content from the agent's core logic, increasing the risk that the agent will follow instructions embedded in the data.
- Capability inventory: The agent is directed to 'Make the requested fix' (SKILL.md) based on these annotations, which likely involves file system modifications or code execution capabilities.
- Sanitization: There is no evidence of validation or filtering for the content of the annotations before they are used to determine the agent's actions.
Audit Metadata