icp-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill exhibits a significant attack surface by ingesting untrusted user input and exercising a file-write capability. If malicious instructions are embedded in the user's responses, they could compromise other components of the agent system.
- Ingestion points: User responses to 29 individual questions across seven phases of an interview process (SKILL.md).
- Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent treats user input as passive data rather than executable instructions.
- Capability inventory: Persistent file write access to
/context/icp.jsonvia the "Output Format" instruction. - Sanitization: Absent. The instructions specifically mandate using the user's "own words" and do not include any validation or escaping logic for the resulting JSON structure.
Recommendations
- AI detected serious security threats
Audit Metadata