Status: Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, such as direct prompt injection, credential harvesting, or unauthorized remote code execution, were identified in the skill instructions or metadata.
- [COMMAND_EXECUTION]: The skill uses the ToolSearch mechanism to discover and load deferred MCP tools (ouroboros_session_status and ouroboros_measure_drift). These are specialized analytical tools within the Ouroboros framework used for session management and are invoked with parameters such as session_id and current_output.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it processes external data (current_output) through its measurement tools.
- Ingestion points: Untrusted data enters the context via the current_output argument in the ouroboros_measure_drift tool call, which represents current execution state or file contents.
- Boundary markers: The instructions do not define specific boundary markers (e.g., XML tags or delimiters) to isolate the untrusted content from the tool's core logic.
- Capability inventory: The skill is limited to checking status and measuring drift; it does not have the capability to write files, execute arbitrary shell commands, or perform network requests outside the MCP framework.
- Sanitization: There is no evidence of content sanitization or instruction filtering before the data is passed to the drift measurement tool. However, this is a standard operational surface for analytical tools and does not indicate malicious intent.
Audit Metadata