NYC

Knowledge Graph Builder

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill instructions define workflows for extracting information from external 'documents' and 'verified sources' (README.md). Combined with the manifest-declared side effects (modifies_files and creates_artifacts), this creates a high-severity surface for indirect prompt injection: an attacker who can place instructions in a processed document could steer the agent's file-system writes.
  • Ingestion points: Processes external 'documents' and 'verified sources' for entity/relationship extraction (README.md Phase 3).
  • Boundary markers: None specified in the instructions to help the agent distinguish between data and instructions.
  • Capability inventory: The manifest specifies modifies_files and creates_artifacts as side effects.
  • Sanitization: No input validation or sanitization mechanisms are mentioned in the provided guidance.
  • Metadata Poisoning (MEDIUM): The manifest.yaml labels the risk_level as 'low'. This is a misleading metadata claim, since the combination of file-system write capabilities and untrusted data ingestion represents a higher risk profile than stated.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 09:26 PM