burnlite
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions allow for the processing of untrusted user data in the form of XML reference blocks (). This creates a surface for indirect prompt injection where an attacker could provide malicious data to influence the agent's behavior or tool parameters.
- Ingestion points: User-pasted XML blocks defined in SKILL.md.
- Boundary markers: There are no instructions to use delimiters or ignore embedded instructions within the XML block.
- Capability inventory: The skill utilizes tools for reading and writing project data (view_task_details, update_task, complete_task).
- Sanitization: No sanitization logic is specified for the IDs or metadata extracted from the XML before use in tool calls.
Audit Metadata