Skills
skills/stvlynn/qclaw-skills/night-owl-shrimp/Gen Agent Trust Hub

night-owl-shrimp

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill is entirely composed of Markdown instructions and pseudo-logic. It does not contain any executable Python, JavaScript, or shell scripts.\n- [PROMPT_INJECTION]: The skill defines a memory management system that is vulnerable to indirect prompt injection due to lack of sanitization and clear boundaries.\n
  • Ingestion points: User inputs describing daily stress, feelings, and personal details are captured in memory variables such as {stress_source}.\n
  • Boundary markers: There are no explicit markers or instructions to isolate these variables from the agent's operational instructions when they are retrieved.\n
  • Capability inventory: The skill uses memory read/write capabilities to persist and recall user-controlled strings across sessions.\n
  • Sanitization: There is no logic provided to sanitize or validate user input before it is interpolated into the agent's greeting or processing logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 04:45 PM