witness-observer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because its core logic relies on data from external agents to trigger actions.
- Ingestion points: The skill monitors agent health via
state.listAgents,state.getHook, and themailchannel as described inSKILL.md. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the processing of agent messages or status payloads.
- Capability inventory: The skill has the capability to write 'nudge' records and escalation files to the
.chipset/state/directory, which may influence the behavior of the 'mayor' agent. - Sanitization: There is no evidence of validation, escaping, or filtering of the monitored data before it is interpolated into escalation messages.
Audit Metadata