understand-chat

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes a knowledge graph file (.understand-anything/knowledge-graph.json) which summarizes project code. This creates a surface for indirect prompt injection, as an attacker could place instructions within code comments that are subsequently summarized and read by the agent.\n
  • Ingestion points: .understand-anything/knowledge-graph.json (referenced throughout instructions)\n
  • Boundary markers: Absent; no specific delimiters or warnings are provided to the agent to treat the graph content as untrusted data.\n
  • Capability inventory: grep (shell search) and read_file (implicit in context instructions).\n
  • Sanitization: None; the skill reads and processes keywords directly from the file without validation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 25, 2026, 01:54 PM
Security Audit — agent-trust-hub — understand-chat