introspection-review-tracker
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the llmem CLI tool, such as track-review and search, as a mandatory part of its workflow. \n- [PROMPT_INJECTION]: The skill describes a process for persisting adversarial findings into self-assessment memories, creating a surface for indirect prompt injection. \n
- Ingestion points: Finding data is ingested from /tmp/review-findings.json (SKILL.md). \n
- Boundary markers: No delimiters or instructions to disregard embedded commands are documented for the persisted findings. \n
- Capability inventory: The skill uses llmem track-review to persist data and llmem search to retrieve it (SKILL.md). \n
- Sanitization: No sanitization or validation for ingested finding content is mentioned in the documentation.
Audit Metadata