prism-scan
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted project data.
  - Ingestion points: In Step 0, the skill reads '.prism-history.md' from the local project directory.
  - Boundary markers: The instructions lack delimiters or warnings to ignore embedded instructions within the history file.
  - Capability inventory: The skill uses the 'Read' tool and generates complex reasoning instructions that it subsequently executes.
  - Sanitization: External data from the history file is used directly to 'cook' the analytical lens without validation or filtering.

  An attacker could place malicious instructions in '.prism-history.md' to influence the generated lens, potentially leading the agent to reveal sensitive information or bypass intended task constraints during the execution phase.
Audit Metadata