custom-index-eval

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Finding: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from local files as instructions for its internal logic and sub-agents.
  • Ingestion points: The skill reads domain evaluation patterns and judgement instructions from files in the eval/index/ directory (e.g., SKILL.md Step 1 and 2).
  • Boundary markers: The skill uses markdown headers (##) and bullet points (- must, - should) to parse data, but it lacks clear delimiters or explicit instructions to ignore potentially embedded directives within that data when passing it to the query-judge sub-agent.
  • Capability inventory: The skill can read local files and invoke the mcp_fusion_search or mcp_fusion_search_framework tools based on the content of the parsed files.
  • Sanitization: No validation, escaping, or sanitization of the input file content is performed before it is used to build prompts or search queries.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 01:17 AM