agently-triggerflow-interrupts-and-stream
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's implementation patterns for handling runtime streams present a surface for potential indirect prompt injection. \n
- Ingestion points: Untrusted data enters the workflow context via
data.valuein thestream_replypattern inreferences/model-stream-bridge.md. \n - Boundary markers: The documentation lacks examples of using delimiters or instructions to the agent to ignore instructions embedded within the processed data chunks. \n
- Capability inventory: The skill utilizes
async_put_into_streamandasync_stop_streamwithinTriggerFlowRuntimeDatato manage live output. \n - Sanitization: There is no evidence of data sanitization, validation, or escaping before data is placed into the runtime stream in the provided code examples.\n- [EXTERNAL_DOWNLOADS]: The skill references source code and documentation from the author's official repositories.\n
- Evidence: Links to the Agently GitHub repository (github.com/AgentEra/Agently) and official documentation (agently.tech) are provided in
references/source-map.mdto assist with implementation.
Audit Metadata