model-hierarchy
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's core functionality relies on the agent analyzing and classifying user-provided task descriptions, which creates an inherent surface for indirect prompt injection.
  - Ingestion points: Untrusted task descriptions enter the system via the `task` object described in `SKILL.md` and the `task_description` parameter in the provided Python examples.
  - Boundary markers: Absent. The instructions and code examples do not utilize or recommend delimiters (such as XML tags or specific markers) to separate the model routing instructions from the external task data.
  - Capability inventory: The skill controls high-level model routing. An attacker could potentially craft a task description designed to force the selection of a specific model (e.g., a less-aligned or more expensive one) or attempt to override agent instructions during the classification phase.
  - Sanitization: Absent. No filtering, validation, or escaping logic is suggested or implemented to sanitize task input before it is evaluated by the agent.
Audit Metadata