chronicle-agent
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and stores user-provided content which is later retrieved and displayed to the agent. This is a low-risk surface inherent to the tool's journaling function. \n
- Ingestion points: The
--contentargument in thecreatecommand withinscripts/chronicle_manager.py.\n - Boundary markers: No explicit boundary markers or 'ignore' instructions are defined in the SKILL.md. \n
- Capability inventory: The skill is restricted to file creation, reading, and searching within the local
02_LIVING_CHRONICLEdirectory.\n - Sanitization: No content-level sanitization or escaping is performed on the journal entries.\n- [COMMAND_EXECUTION]: The script
scripts/chronicle_manager.pyimplements safe filename generation by slugifying titles and stripping non-alphanumeric characters. This prevents path traversal or command injection via malicious entry titles.
Audit Metadata