caveman
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses persistence instructions ("ACTIVE EVERY RESPONSE", "No revert after many turns") to ensure the requested linguistic style is maintained throughout the session. This is a standard persona-management technique and does not attempt to override system safety protocols.
- [COMMAND_EXECUTION]: The 'Output Report' section defines a structured workflow for the agent to create and update markdown files within a specific project directory (llmwiki/). These file operations are part of the skill's intended documentation functionality and do not involve arbitrary shell commands or access to sensitive system files.
- [PROMPT_INJECTION]: The reporting feature processes user-derived content (summaries) to generate filenames and log entries. While this creates a surface for indirect prompt injection (Category 8), the risk is minimal as it targets a local documentation directory and follows a strict kebab-case naming convention.
- Ingestion points: User-provided task descriptions and summaries (SKILL.md).
- Boundary markers: None explicitly defined for untrusted data in the report template.
- Capability inventory: File creation and modification in the llmwiki/ path (SKILL.md).
- Sanitization: The instructions specify a specific 'kebab-case' format for the generated strings, which acts as a rudimentary validation step.
Audit Metadata