box-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by processing data from an external cloud storage provider that could contain malicious instructions.
- Ingestion points: Tools like `BOX_SEARCH_FOR_CONTENT` and `BOX_LIST_ITEMS_IN_FOLDER` retrieve file names and metadata from the Box account into the agent's context.
- Boundary markers: The instructions do not include boundary markers or warnings to the agent to ignore instructions embedded in the retrieved Box data.
- Capability inventory: The agent is granted extensive capabilities, including `BOX_DELETE_FOLDER`, `BOX_UPLOAD_FILE`, and the ability to manage collaborations and sharing permissions.
- Sanitization: There is no mention of sanitizing or validating retrieved data before it is processed by the agent.
Audit Metadata