cs-keep
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the storage of untrusted data in local markdown files, which could lead to indirect prompt injection if the recorded content is later processed by the agent.
- Ingestion points: Data entering via user notes and contextual research is saved into the .codestable/compound/ directory (specifically in SKILL.md instructions).
- Boundary markers: There are no instructions or delimiters to mark the stored content as untrusted or to prevent the agent from following instructions embedded in the notes.
- Capability inventory: The skill possesses file-writing capabilities to maintain project documentation.
- Sanitization: No explicit validation, escaping, or filtering of the recorded content is performed before it is written to the file system.
Audit Metadata