skills/mathews-tom/armory/immune/Gen Agent Trust Hub

immune

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted user content and passes it to the immune-scan agent (Haiku) for pattern detection and correction. This represents an indirect prompt injection surface.
      • Ingestion points: The input parameter in SKILL.md accepts arbitrary text or code from the user or conversation history to be scanned.
      • Boundary markers: The skill uses XML tags (<content>) to delimit user input within the prompt sent to the sub-agent, which provides minimal protection against adversarial delimiters.
      • Capability inventory: The system performs local file writes to immune_memory.json and cheatsheet_memory.json and executes a local Python script for ranking.
      • Sanitization: No explicit sanitization or escaping of the untrusted content is performed before interpolation into the prompt block.
  • [COMMAND_EXECUTION]: The skill relies on the execution of a local Python script (scripts/retrieve.py) to perform task-conditioned retrieval and ranking of memory entries.
      • Evidence: SKILL.md specifies that scripts/retrieve.py implements scoring logic and is invoked during the load phase of the scan.
      • Context: The script performs Jaccard similarity calculations and set operations; it does not currently exhibit network operations or unsafe command construction.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 06:25 AM