rfp-evaluate
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted RFP data (titles and descriptions) which are interpolated into AI prompts in the
evaluateWithAIfunction. While this presents an indirect prompt injection surface, it is a standard design for AI evaluation tasks and has no access to dangerous system capabilities. - Ingestion points: RFP title and description passed to the AI provider.
- Boundary markers: No specific delimiters are used to wrap external content.
- Capability inventory: Restricted to logic evaluation and scoring via LLM.
- Sanitization: No explicit text sanitization is performed on input text before prompt construction.
Audit Metadata