ts-log
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill requires the agent to read and act upon workflow logs created in previous sessions. Because these logs aggregate state from various sources, including user input and command execution results, they serve as a persistence mechanism for potentially malicious instructions.
- Ingestion points: Workflow logs located in the
docs/workflows/directory are read at the start of each pass to establish context and determine the next action. - Boundary markers: The instructions define a markdown schema but do not include explicit delimiters or instructions to treat log content as untrusted data, which could allow embedded instructions to be executed by the agent.
- Capability inventory: The skill possesses the capability to write to the file system (creating directories and markdown files) and implicitly relies on other tools to execute implementation and review tasks.
- Sanitization: The skill lacks requirements for sanitizing or escaping the content stored in logs, such as "copied user requests" or command output, before it is read back into the prompt context.
Audit Metadata