caveman-help
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- The 'Output Report' mechanism defines a workflow that interpolates untrusted data (a user-provided summary represented as
<ten>) into file paths and document content. - Ingestion Points: User-controlled summary strings (
<ten>) and skill names are ingested during the reporting step inSKILL.md. - Capability Inventory: The skill performs file creation and append operations on several files:
llmwiki/wiki/draft/cave/DDMMYY-<ten>.md,llmwiki/wiki/index.md, andllmwiki/wiki/log.md. - Boundary Markers: The instructions do not specify any delimiters or boundary markers to isolate the untrusted data from the system's instructions.
- Sanitization: There are no instructions provided to sanitize, validate, or escape the user-supplied strings (e.g., to prevent path traversal like
../../) before they are used in file system operations.
Audit Metadata