archive-suggest
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface detected.
- Ingestion points: The skill reads untrusted or external data from
Master Content Index,Content Database, andPodcast Transcripts(specificallyStudio/Podcast Studio/*/transcript.md). - Boundary markers: Absent. The instructions do not define delimiters or specific 'ignore' directives when processing the content from these files.
- Capability inventory: The agent has the capability to read arbitrary files in the specified directories and post content to a Slack channel (
C0ABV2VQQKS) via the Slack MCP. - Sanitization: Absent. There is no evidence of filtering or escaping logic applied to the content extracted from transcripts or archive files before it is interpolated into the prompt for draft generation.
- Risk: If an attacker inserts malicious instructions into a podcast transcript or a blog post (e.g., within HTML/Markdown comments), the agent might execute those instructions while attempting to 'Extract Key Snippets' or 'Generate draft posts'.
Audit Metadata