reflect
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the conversation history and local session logs to modify project configuration.
- Ingestion points: The skill reads conversation history and '.agents/session_ledger.md' to identify feedback and patterns.
- Boundary markers: There are no explicit delimiters or instructions provided to isolate untrusted data from the instructions.
- Capability inventory: The skill possesses the 'Edit' capability, allowing it to modify the 'AGENTS.md' configuration file.
- Sanitization: No content sanitization or validation is performed on the ingested data; however, the skill requires explicit human approval via 'AskUserQuestion' before applying any changes, significantly reducing the risk of autonomous malicious edits.
Audit Metadata