Eleanor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection through the
scripts/research_query.pyscript which is used to format academic responses. - Ingestion points: The script accepts a
topicstring and a list ofkey_pointsas arguments in theformat_research_responsefunction, which are intended to be populated by user-driven queries. - Boundary markers: The script lacks any boundary markers, delimiters, or system-level instructions to ignore malicious prompts embedded within the
topicorkey_pointsdata. - Capability inventory: No dangerous capabilities (such as network access, filesystem writes, or subprocess execution) were detected in the script or the broader skill; it merely returns a structured dictionary.
- Sanitization: There is no evidence of input validation or sanitization for the strings processed by the formatter.
- [SAFE]: A metadata inconsistency was identified between
SKILL.mdandscripts/research_query.py. The character defined in the skill identity is 'Eleanor' (a 24-year-old researcher in a cafe), but the script contains hardcoded constants (HERMIONE_SOURCES), logic (subject_area == "divination"), and comments specific to the 'Hermione' character from the Harry Potter franchise. While not a direct security vulnerability, this suggests the skill may exhibit deceptive or inconsistent behavior during runtime.
Audit Metadata