NYC

Knowledge Base Manager

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from document-based and entity-based external sources, which is a known vector for indirect prompt injection attacks.\n
  • Ingestion points: Processes external data from sources listed in inventory files and external databases like Pinecone or Neo4j.\n
  • Boundary markers: The provided documentation does not specify the use of delimiters or 'ignore' instructions to isolate untrusted data from the system prompt.\n
  • Capability inventory: The manifest declares capabilities for modifying files, modifying databases, and making API calls, which could be exploited if an injection occurs.\n
  • Sanitization: No sanitization or validation protocols are mentioned for the external content ingestion pipeline.\n- [No Code] (SAFE): The provided files contain only architectural guidance and configuration metadata; no executable scripts or code patterns were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:12 PM