heal
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection where instructions embedded in processed data could influence agent behavior.
- Ingestion points: The skill reads conversation history, 'MEMORY.md', and 'CLAUDE.md' during the grounding and scanning phases (File: SKILL.md).
- Boundary markers: Absent; there are no instructions to use XML tags or specific delimiters to isolate ingested data from the prompt context.
- Capability inventory: The skill is authorized to use 'Read' and 'Write' tools for file system interaction (File: SKILL.md).
- Sanitization: Absent; no filtering, validation, or escaping of the content retrieved from external files or history is defined before processing.
Audit Metadata