do
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external manifest files and execution logs to drive its implementation tasks, creating an indirect prompt injection surface.
  - Ingestion points: Manifest and log file paths provided in the arguments are read and their contents are used to define tasks and history.
  - Boundary markers: The prompt lacks delimiters or specific instructions to ignore malicious directives within the ingested manifest or log data.
  - Capability inventory: The skill possesses file write permissions (logging to /tmp), messaging capabilities (SendMessage to lead), and the ability to invoke external tools (/verify).
  - Sanitization: There is no evidence of validation or sanitization applied to the contents of the external files before the agent acts upon them.
Audit Metadata