recovery-education-writer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is composed entirely of informational Markdown files (README.md, SKILL.md, and the references directory) and does not include any executable code, scripts, or binary assets.
- [PROMPT_INJECTION]: The skill architecture creates a surface for indirect prompt injection.
- Ingestion points: Data enters the agent context through the
WebSearchtool and user-provided prompts as specified inSKILL.md. - Boundary markers: The instructions in
SKILL.mdlack specific delimiters or instructions to prevent the agent from following directions embedded in retrieved search results. - Capability inventory: The agent has permissions to
WriteandEditcontent, which could be used to output influenced content if an injection occurs (SKILL.md). - Sanitization: There is no evidence of automated sanitization or validation of data fetched from external web sources.
Audit Metadata