repurpose-talk
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses the file ~/.devadvokit.md in the user's home directory to gather context. While likely a configuration file for the toolset, accessing home directory files is a data exposure risk.
- [DATA_EXFILTRATION]: Prompts the user to provide file paths for the agent to read, which could lead to unauthorized file access if the agent is not restricted.
- [DATA_EXFILTRATION]: Accesses a relative path ../../shared/ai-antipatterns.md outside the skill's root directory.
- [PROMPT_INJECTION]: Instructs the agent to read files "silently" and hide its internal rewriting process from the user, which are techniques that can be used to conceal agent behavior.
- [PROMPT_INJECTION]: Processes untrusted user content (transcripts and speaker notes) without using delimiters or sanitization. This creates an indirect prompt injection vulnerability. (Evidence: Ingestion point: Q&A item #2 in SKILL.md; Boundary markers: Absent; Capability: Local file reading; Sanitization: Absent).
Audit Metadata