bidwriter
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Analysis of external documents presents an indirect prompt injection surface.
- Ingestion points: The skill ingests untrusted data from tender documents and project specifications (provided via `$ARGUMENTS` or direct user input) during the 'Project Initialization' phase.
- Boundary markers: The instructions do not define specific delimiters or 'ignore' directives to isolate the external document content from the agent's instruction set.
- Capability inventory: The skill facilitates directory creation, file generation (writing the technical and business bid sections), and the invocation of document conversion tools like `docx`, `pdf`, and `pptx`.
- Sanitization: No evidence of input sanitization or validation is present to detect or strip malicious commands that might be embedded within the processed tender documents.
Audit Metadata