synthesize
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it mines untrusted data from the conversation history. Ingestion points: Phase 1 (SKILL.md) directs the agent to scan the conversation for options from all sources, including user-injected ideas. Boundary markers: The skill does not implement delimiters or ignore embedded instructions warnings for the data it processes. Capability inventory: The skill is limited to text summarization, categorization, and ranking; no subprocess calls, network access, or file operations are present. Sanitization: There is no evidence of content validation or escaping of external data.
Audit Metadata