cardiology-newsletter-writer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill contains extensive 'Anti-AI' guidelines (references/anti-ai-guidelines.md) designed to mimic a human author and avoid detection by AI classifiers. While this is intended for persona adoption, the use of instructions specifically aimed at evading automated detection systems is a common adversarial pattern.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to the following evidence chain:
  - Ingestion points: The skill retrieves full-text articles and abstracts from PubMed and trending topics from general web searches (SKILL.md Phase 1 & 2).
  - Boundary markers: The prompt lacks explicit delimiters or instructions to the agent to ignore potentially malicious instructions embedded within the retrieved medical literature or web search results.
  - Capability inventory: The skill possesses the capability to perform web searches and call PubMed MCP tools.
  - Sanitization: No sanitization or validation of the external content is performed before the data is analyzed and drafted into the newsletter.
Audit Metadata