chatroom-austrian
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates untrusted user queries directly into the prompts used to spawn sub-agents.
- Ingestion points: User input enters the system through the {用户问题} and {新问题} variables in Phase 2 and Phase 4 of SKILL.md.
- Boundary markers: The skill lacks delimiters (such as XML tags or clear markers) and does not provide instructions to the sub-agents to ignore potential commands embedded within the user's input.
- Capability inventory: The skill uses the Agent tool to invoke sub-agents with specific personas, which could be hijacked by malicious user input.
- Sanitization: There is no evidence of input validation, filtering, or escaping before the user content is interpolated into the agent prompts.
- [NO_CODE]: The skill consists entirely of instructional markdown and configurations without any associated script files or executables.
Audit Metadata