NYC

cardiology-newsletter-writer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill contains extensive 'Anti-AI' guidelines (references/anti-ai-guidelines.md) designed to mimic a human author and avoid detection by AI classifiers. While this is intended for persona adoption, the use of instructions specifically aimed at evading automated detection systems is a common adversarial pattern.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to the following evidence chain:
      • Ingestion points: The skill retrieves full-text articles and abstracts from PubMed and trending topics from general web searches (SKILL.md Phase 1 & 2).
      • Boundary markers: The prompt lacks explicit delimiters or instructions to the agent to ignore potentially malicious instructions embedded within the retrieved medical literature or web search results.
      • Capability inventory: The skill possesses the capability to perform web searches and call PubMed MCP tools.
      • Sanitization: No sanitization or validation of the external content is performed before the data is analyzed and drafted into the newsletter.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:17 PM