personize-agent-workspace

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface: it is designed to ingest and process untrusted external data in order to extract structured workspace entries from it.
  • Ingestion points: Untrusted data enters the agent context through the client.ai.prompt calls in recipes/multi-agent-account.ts and recipes/trigger-dev-bridge.ts when account signals are analyzed.
  • Boundary markers: The skill delimits data with markdown headers such as ## Workspace State. This structures the prompt, but a header is only a formatting convention; the prompt never tells the model that the enclosed content is data to be analyzed rather than instructions to be followed, so instructions nested inside the ingested data are not explicitly excluded.
  • Capability inventory: The agent can write to entity memory (memorize), retrieve organizational policies (smartGuidelines), and perform semantic searches across workspace history (smartRecall). A successful injection could therefore drive persistent writes to memory that later agents read back.
  • Sanitization: recipes/helpers.ts includes a safeParseJSON helper that strips markdown fencing before parsing, but the parsed content itself is not validated (allowed keys, value types, size, embedded URLs or instructions) before it can influence agent behavior.
  • [DATA_EXFILTRATION]: The skill transmits data to https://agent.personize.ai to perform its core functions of memory storage and retrieval.
  • Evidence: Reference files (e.g., reference/api-examples.md) and recipes (e.g., recipes/quickstart.ts) use the Personize API to synchronize workspace state.
  • Context: These network operations target the official infrastructure of the vendor and are necessary for the skill's primary purpose of cross-agent coordination.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 08:00 PM