skills/lvlup-sw/exarchos/rehydrate/Gen Agent Trust Hub

rehydrate

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted workflow data and rendering it as high-priority instructions for the agent.
  • Ingestion points: Data is ingested from the 'exarchos' MCP server via the rehydrate and get actions defined in SKILL.md.
  • Boundary markers: The dynamic state content (e.g., phase playbooks, house rules, next actions) is rendered within Markdown sections but lacks explicit boundary markers or instructions to the agent to disregard malicious commands embedded within these data fields.
  • Capability inventory: The skill instructs the agent to execute actions such as Bash, git, Edit, and exarchos_event.append based on the retrieved state.
  • Sanitization: The skill does not define any sanitization, filtering, or validation processes for the data retrieved from the event store before it is presented to the agent as behavioral guidance.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 06:24 PM
Security Audit — agent-trust-hub — rehydrate