knowledge-synthesis
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from multiple external sources, creating an attack surface for indirect prompt injection.
- Ingestion points: Processes content from
~~chat,~~email,~~cloud storage, and~~project trackeras seen in the 'The Goal' and 'Synthesis Workflow' sections. - Boundary markers: No specific delimiters (e.g., XML tags or triple quotes) or 'ignore' instructions are mandated to separate untrusted content from the agent's instructions.
- Capability inventory: The skill is limited to generating narrative summaries for user display; it lacks direct file-system access, command execution, or network capabilities.
- Sanitization: The instructions provide no guidance on sanitizing or filtering malicious instructions embedded within the source data.
- [No Code] (INFO): This skill contains only documentation and natural language instructions. There are no executable scripts, binaries, or configuration files that could facilitate traditional RCE or persistence.
Audit Metadata