agent-carnet
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'agent-carnet' command-line interface to manage note files. This involves standard shell execution for file operations such as saving, searching, and deleting markdown notes within the project's .carnet/ directory.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and displays content from stored notes which may be influenced by external data or past interactions.
- Ingestion points: Data enters the agent's context through the 'agent-carnet show' and 'agent-carnet find' commands which read markdown files from the .carnet/ directory (SKILL.md).
- Boundary markers: There are no specified boundary markers or instructions to treat the retrieved note content as untrusted or to ignore any embedded commands (SKILL.md).
- Capability inventory: The agent has the ability to read, write, move, and delete files within the project directory using the 'agent-carnet' tool (SKILL.md).
- Sanitization: The skill does not implement any validation or sanitization of the markdown content before it is read by the agent (SKILL.md).
Audit Metadata