lore
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No override markers, role-play injections, or instructions to ignore safety guidelines were detected. The instructions focus entirely on knowledge curation and evidence-based pattern extraction.
- [DATA_EXFILTRATION]: The skill is designed to read agent journals (
.agents/*.md) and logs (triage.md,mend.md). There are no network operations, hardcoded credentials, or commands to send this data to external or non-whitelisted domains. - [OBFUSCATION]: No Base64, zero-width characters, homoglyphs, or encoded strings were found in the provided files.
- [REMOTE_CODE_EXECUTION]: The skill contains no package installation commands (npm/pip) or remote script execution patterns (curl/wget to bash). It explicitly states it does not write application code or modify skill files.
- [COMMAND_EXECUTION]: The skill performs read-only operations on local markdown files. There are no instances of
sudo,chmod, or arbitrary shell command execution. - [PRIVILEGE_ESCALATION]: No attempts to acquire administrative privileges or modify system configurations were identified.
- [PERSISTENCE_MECHANISMS]: No commands for shell profile modification, cron jobs, or startup services are present.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes untrusted journal data, it uses strict boundary markers (reading full entries, citing evidence) and lacks dangerous capabilities (no code execution or network writes), effectively mitigating the risk of indirect injection.
- [DYNAMIC_EXECUTION]: The skill does not generate or execute code at runtime. It focuses on structured markdown reporting and metadata updates.
Audit Metadata