rules-capture
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill captures untrusted user input from conversations and writes it to governance files located in .agents/SYSTEM/. This functionality introduces a surface for indirect prompt injection where malicious instructions could be codified as persistent system rules. The skill's design includes a human-in-the-loop confirmation step to mitigate this risk.
  - Ingestion points: User conversation text is monitored and extracted via regex triggers defined in SKILL.md.
  - Boundary markers: Extracted user quotes are encapsulated in markdown blockquotes (>) to provide structural separation.
  - Capability inventory: The skill performs file append, move, and removal operations targeting files within the .agents/SYSTEM/ directory as described in SKILL.md.
  - Sanitization: The skill does not perform automated sanitization of user input, instead relying on documentation formatting and a mandatory user approval step before rules are finalized.
Audit Metadata