skills/virattt/dexter/write-memo/Gen Agent Trust Hub

write-memo

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: A detailed analysis of the skill's instructions, templates, and guidelines found no evidence of malicious code, data exfiltration, or unauthorized command execution. The skill uses platform-provided tools such as get_financials, get_market_data, and read_filings to perform its core functions.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it retrieves and processes data from external sources (social media via x_search and filings via read_filings) and interpolates this content into a persistent HTML memo. This is a common characteristic of agents that aggregate web data for reporting.
  • Ingestion points: Data is gathered through read_filings, x_search, get_financials, and get_market_data in Step 2 of the workflow.
  • Boundary markers: The skill does not define specific delimiters or 'ignore' instructions for the data interpolated into the HTML template.
  • Capability inventory: The write_file tool is used to save the generated HTML memo to a local directory (.dexter/memos/).
  • Sanitization: The instructions do not specify sanitization or escaping protocols for the external content included in the output file.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 10:11 AM
Security Audit — agent-trust-hub — write-memo