using-oac
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs extremely imperative and high-pressure language to override the agent's default reasoning and safety-evaluation processes regarding tool use.
- Evidence: "YOU DO NOT HAVE A CHOICE. YOU MUST USE IT. This is not negotiable. This is not optional."
- The instructions explicitly forbid the agent from using its own judgment to gather context first or ask clarifying questions, mandating tool execution as the absolute first step.
- [PROMPT_INJECTION]: The skill defines a surface for Indirect Prompt Injection by mandating the loading of external content (skills) based on user-controlled input.
- Ingestion points: User messages trigger the selection and loading of skills via the Skill tool (SKILL.md).
- Boundary markers: Absent. There are no instructions to the agent to treat the loaded skill content as untrusted or to maintain its own safety boundaries when the external instructions are presented.
- Capability inventory: The Skill tool loads external logic and instructions directly into the agent's active context (SKILL.md).
- Sanitization: Absent. The workflow lacks verification or validation steps for the content fetched by the Skill tool.
Audit Metadata