evolve-step
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests data from
.symposium/scratch/socrates.mdto generate candidates for refinement. This ingestion surface is susceptible to indirect prompt injection if the source file contains malicious instructions designed to subvert the agent's logic. - Ingestion points: Read operation on
.symposium/scratch/socrates.md. - Boundary markers: None; the instructions do not define delimiters to separate instructions from user-controlled data during the read process.
- Capability inventory: File-write access to
.symposium/scratch/socrates.mdand.symposium/scratch/evolve-step.md. - Sanitization: The skill implements a 'User Adoption Gate,' requiring explicit user selection of candidates via a compact checkbox prompt before any state changes are committed.
Audit Metadata