rehydrate
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted workflow data and rendering it as high-priority instructions for the agent.
- Ingestion points: Data is ingested from the 'exarchos' MCP server via the
rehydrateandgetactions defined inSKILL.md. - Boundary markers: The dynamic state content (e.g., phase playbooks, house rules, next actions) is rendered within Markdown sections but lacks explicit boundary markers or instructions to the agent to disregard malicious commands embedded within these data fields.
- Capability inventory: The skill instructs the agent to execute actions such as
Bash,git,Edit, andexarchos_event.appendbased on the retrieved state. - Sanitization: The skill does not define any sanitization, filtering, or validation processes for the data retrieved from the event store before it is presented to the agent as behavioral guidance.
Audit Metadata