cs-keep

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the storage of untrusted data in local markdown files, which could lead to indirect prompt injection if the recorded content is later processed by the agent.
  • Ingestion points: Data entering via user notes and contextual research is saved into the .codestable/compound/ directory (specifically in SKILL.md instructions).
  • Boundary markers: There are no instructions or delimiters to mark the stored content as untrusted or to prevent the agent from following instructions embedded in the notes.
  • Capability inventory: The skill possesses file-writing capabilities to maintain project documentation.
  • Sanitization: No explicit validation, escaping, or filtering of the recorded content is performed before it is written to the file system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 12:35 AM
Security Audit — agent-trust-hub — cs-keep