blog-01-create-prompt
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through its data processing workflow.
- Ingestion points: Untrusted data enters the agent context through the `$ARGUMENTS` variable and the `WebSearch` tool results.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate malicious instructions embedded within the search results.
- Capability inventory: The skill performs file-write operations to the `._tmp/prompts/` directory.
- Sanitization: No sanitization or escaping of the external content is performed before it is interpolated into the generated prompt file. While the risk is limited to the generated file's content, a malicious search result could influence the output prompt, potentially affecting downstream tools like `/blog-02-write-post`.