consult-outside-expert
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is highly vulnerable to indirect injection because it processes untrusted user data for review without sanitization.\n
- Ingestion points: Any request involving external consultation or feedback (SKILL.md).\n
- Boundary markers: None. The skill does not use delimiters to wrap untrusted content.\n
- Capability inventory: Invokes Codex MCP tools (external communication and tool execution) and follows external guide instructions.\n
- Sanitization: None. No filtering is performed before sending data to the expert loop.\n- External Instruction Dependency (LOW): The skill explicitly instructs the agent to follow '@references/guide.md' and forbids proceeding without it, creating a risk if that external file is compromised or contains malicious instructions.
Audit Metadata