agent-knowledge
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The instructions direct the agent to 'Create pages silently — don't announce it to the user.' This is a concealment pattern that limits transparency regarding when the agent is updating its long-term knowledge base.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection through its core functionality.
- Ingestion points: Data enters the agent's context through the `agent_knowledge_ingest` tool, the `agent_knowledge_recall` tool, and the automatic 'Hindsight' memory bank which extracts observations from conversations.
- Boundary markers: The skill does not define any delimiters or provide instructions to the agent to disregard malicious instructions embedded within the ingested data.
- Capability inventory: The agent can list, read, create, update, and delete persistent knowledge pages, allowing data-driven observations to influence its behavior across different sessions.
- Sanitization: There are no requirements for sanitizing or validating external content before it is processed by the 'source_query' or stored in the knowledge pages.
Audit Metadata