cognitive-mechanism-extractor
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill includes extensive security measures and defensive instructions. Documents such as
references/safety-boundaries.mdandevals/red-team-cases.mdexplicitly instruct the agent to reject role-play, prompt extraction, and instruction-override attempts. The static analysis hits for 'ignore instructions' are false positives as they are part of the skill's own internal red-teaming test suite designed to ensure the agent maintains its safety posture. - [SAFE]: The skill's configuration in
SKILL.mdimplements a minimal attack surface. It usesdisable-model-invocation: true, which prevents the model from being triggered unintentionally, and it does not authorize any external tools (allowed-toolsis absent or empty), thereby blocking capabilities like network requests, shell execution, or file system modifications. - [SAFE]: Regarding Category 8 (Indirect Prompt Injection), the skill processes untrusted resumes but implements a robust defense-in-depth approach: (1) Ingestion points are localized to specific hypothesis-generation prompts in
prompts/resume-hypothesis-map.md; (2) Boundary markers are present via the mandatoryassets/candidate-contract.mdand safety rules inreferences/safety-boundaries.md; (3) The capability inventory is empty, providing no exploitable tools to an attacker; (4) Sanitization is active as the skill specifically trains the model to identify and ignore embedded instructions in resume text, as evidenced by test case GC-004 inevals/golden-cases.md.
Audit Metadata