write-memo
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A detailed analysis of the skill's instructions, templates, and guidelines found no evidence of malicious code, data exfiltration, or unauthorized command execution. The skill uses platform-provided tools such as
get_financials,get_market_data, andread_filingsto perform its core functions. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it retrieves and processes data from external sources (social media via
x_searchand filings viaread_filings) and interpolates this content into a persistent HTML memo. This is a common characteristic of agents that aggregate web data for reporting. - Ingestion points: Data is gathered through
read_filings,x_search,get_financials, andget_market_datain Step 2 of the workflow. - Boundary markers: The skill does not define specific delimiters or 'ignore' instructions for the data interpolated into the HTML template.
- Capability inventory: The
write_filetool is used to save the generated HTML memo to a local directory (.dexter/memos/). - Sanitization: The instructions do not specify sanitization or escaping protocols for the external content included in the output file.
Audit Metadata