knowledge-base-builder
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external documents (PDFs, Markdown, text) into an agent's knowledge base. This creates a surface for indirect prompt injection if the source documents contain adversarial instructions.
- Ingestion points: Phase 1 and Phase 3 describe document ingestion from external sources.
- Boundary markers: No specific boundary markers or 'ignore' instructions are included in the provided markdown templates.
- Capability inventory: The skill utilizes Write, Read, Edit, Grep, Glob, and Bash tools to manage the knowledge filesystem.
- Sanitization: No explicit sanitization logic for ingested text is provided in the code snippets.
- [COMMAND_EXECUTION]: The skill requests Bash and filesystem tool access. This is aligned with its primary purpose of creating directory structures and managing knowledge files.
Audit Metadata