vault-tracker
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests data from local files (tracker and project directories) to drive its decision-making logic for file system operations. (1) Ingestion points: Reads projects/project-tracker.md and scans the projects/ directory hierarchy. (2) Boundary markers: No explicit boundary markers or warnings to ignore embedded instructions are defined for the processed file content. (3) Capability inventory: Moves project directories, renames files, and rewrites markdown links. (4) Sanitization: No explicit validation or sanitization of file names or tracker content is described.
- [COMMAND_EXECUTION]: The skill involves structural modification of the local filesystem, including moving project folders and editing links within markdown files. While it incorporates safety measures such as requiring confirmation for archival and forbidding deletions, it facilitates significant workspace changes via the agent.
- [NO_CODE]: This skill consists only of markdown instructions in the SKILL.md file and does not include any external scripts, binaries, or configuration files.
Audit Metadata