rehabilitation-analyzer
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes potentially untrusted data from local rehabilitation files (rehabilitation-tracker.json and daily logs), which serve as an indirect prompt injection surface.
  - Ingestion points: Reads files from the 'data/' directory (SKILL.md).
  - Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands within the processed data.
  - Capability inventory: Uses file management tools (Read, Grep, Glob, Write, Edit) but lacks network or code execution capabilities.
  - Sanitization: No input sanitization or validation of the ingested JSON content is specified. This finding is considered low risk as there is no exfiltration path or remote execution capability.