application

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by reading potentially untrusted data from system objects.
    • Ingestion points: Tools defined in tools/application.yaml such as list_data_queue_entries, get_data_area_value, and list_environment_variables ingest data from IBM i data queues, data areas, and environment variables.
    • Boundary markers: Absent. The tools do not implement delimiters or provide instructions to the agent to treat the retrieved data as untrusted.
    • Capability inventory: The skill provides read-only SQL querying tools targeting QSYS2 views and table functions. The documentation also mentions the availability of an execute_sql tool and identifies the QCMDEXC procedure as available on the IBM i system.
    • Sanitization: Absent. The content retrieved from the IBM i system (e.g., message data and environment variable values) is passed to the agent without validation or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 02:34 PM