using-exploration-cycle
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses strong directives such as 'EXTREMELY-IMPORTANT' and 'MUST route' to enforce internal workflow logic. These are used to constrain agent behavior to a specific business process rather than attempting to bypass safety filters or ignore prior instructions.
- [DATA_EXPOSURE]: The skill references reading a local file `exploration/exploration-dashboard.md` and an internal SQLite database. These actions are limited to managing session state and do not involve harvesting sensitive system files or credentials.
- [INDIRECT_PROMPT_INJECTION]: The agent ingests data from the `exploration-dashboard.md` file to determine workflow phases. While this presents a potential ingestion surface, the risk is mitigated by the instruction to treat the programmatic SQLite database as the 'absolute state authority' rather than the user-modifiable markdown or chat history.
- [COMMAND_EXECUTION]: While the skill manages control flow by invoking other skills like `exploration-workflow`, it does not execute arbitrary shell commands or subprocesses.
Audit Metadata