glean-knowledge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- NO_CODE (SAFE): The skill contains no executable code or scripts. It serves as a configuration for existing Model Context Protocol (MCP) tools.
- PROMPT_INJECTION (LOW): High surface area for indirect prompt injection. The skill is specifically designed to ingest content from collaborative environments (Slack, Jira, Confluence) where third parties can place malicious instructions.
- Ingestion points: Processes Slack threads, Jira tickets, and Confluence pages via
mcp__glean__searchandmcp__glean__chat. - Boundary markers: None specified in the instructions to help the agent distinguish between data and instructions.
- Capability inventory: Tools allow for wide-scale searching and reading of internal documents.
- Sanitization: No evidence of sanitization or filtering for embedded instructions in the retrieved content.
Audit Metadata