conversation-summary
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface identified. The skill's primary function is to process untrusted external data (ChatGPT exports, transcripts, logs) which acts as a vector for malicious instructions.
- Ingestion points: Conversation files provided by the user in Phase 1 and data segments (like the last two lines of previous chunks) interpolated into sub-agent prompts.
- Boundary markers: Absent. Prompt templates in
references/analysis-template.mdandreferences/synthesis-template.mddo not utilize delimiters (e.g., XML tags or triple backticks) to separate instructions from the untrusted data being analyzed. - Capability inventory: The orchestrator possesses file system read/write access and the ability to spawn and instruct sub-agents with interpolated context.
- Sanitization: Absent. The skill instructions explicitly mandate the extraction of 'exact quotes' and the preservation of original 'typos/informal spelling', ensuring that any embedded injection payloads are passed through the analysis chain without modification or escaping.
Audit Metadata