reflect

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the conversation history and local session logs to modify project configuration.
  • Ingestion points: The skill reads conversation history and '.agents/session_ledger.md' to identify feedback and patterns.
  • Boundary markers: There are no explicit delimiters or instructions provided to isolate untrusted data from the instructions.
  • Capability inventory: The skill possesses the 'Edit' capability, allowing it to modify the 'AGENTS.md' configuration file.
  • Sanitization: No content sanitization or validation is performed on the ingested data; however, the skill requires explicit human approval via 'AskUserQuestion' before applying any changes, significantly reducing the risk of autonomous malicious edits.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 11:53 AM
Security Audit — agent-trust-hub — reflect