corpus-discovery-dialogue
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests untrusted user content for analysis without employing safety boundaries or sanitization.
  - Ingestion points: As outlined in SKILL.md (Phase 0) and README.md, the agent is instructed to request 3-5 sample texts from the user and can optionally access a corpus_file_path.
  - Boundary markers: No explicit delimiters (e.g., XML tags or special markers) are defined to isolate the ingested corpus data from the agent's internal reasoning or instructions.
  - Capability inventory: The dialogue framework guides the user and agent toward generating Python code and installing external packages (e.g., vaderSentiment, transformers), which could be exploited if malicious instructions were embedded in the corpus samples.
  - Sanitization: No input sanitization, filtering, or validation for the ingested text content is implemented.
- [EXTERNAL_DOWNLOADS]: The skill's methodology roadmaps recommend the installation of several well-known Python packages.
  - Evidence: The skill provides pip install commands for vaderSentiment, transformers, torch, bertopic, sentence-transformers, spacy, networkx, and scattertext.
  - Context: These are established, industry-standard libraries used for natural language processing and research.
Audit Metadata