cognitive-mechanism-extractor

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill includes extensive security measures and defensive instructions. Documents such as references/safety-boundaries.md and evals/red-team-cases.md explicitly instruct the agent to reject role-play, prompt extraction, and instruction-override attempts. The static analysis hits for 'ignore instructions' are false positives as they are part of the skill's own internal red-teaming test suite designed to ensure the agent maintains its safety posture.
  • [SAFE]: The skill's configuration in SKILL.md implements a minimal attack surface. It uses disable-model-invocation: true, which prevents the model from being triggered unintentionally, and it does not authorize any external tools (allowed-tools is absent or empty), thereby blocking capabilities like network requests, shell execution, or file system modifications.
  • [SAFE]: Regarding Category 8 (Indirect Prompt Injection), the skill processes untrusted resumes but implements a robust defense-in-depth approach: (1) Ingestion points are localized to specific hypothesis-generation prompts in prompts/resume-hypothesis-map.md; (2) Boundary markers are present via the mandatory assets/candidate-contract.md and safety rules in references/safety-boundaries.md; (3) The capability inventory is empty, providing no exploitable tools to an attacker; (4) Sanitization is active as the skill specifically trains the model to identify and ignore embedded instructions in resume text, as evidenced by test case GC-004 in evals/golden-cases.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:38 PM
Security Audit — agent-trust-hub — cognitive-mechanism-extractor