project-development
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data through a multi-stage pipeline, which creates an indirect prompt injection surface: instructions embedded in the input data could influence agent behavior.
  - Ingestion points: In `scripts/pipeline_template.py`, the `stage_acquire` function is a placeholder for fetching data from external sources (APIs, databases, web scraping).
  - Boundary markers: The `PROMPT_TEMPLATE` in `scripts/pipeline_template.py` uses markdown headers (e.g., `# Content to Analyze`) to delimit input, but it does not include explicit instructions telling the LLM to treat that content as data and to ignore any instructions embedded within it.
  - Capability inventory: The provided template script performs file system operations (read/write) within the local `data/` and `output/` directories. It does not currently implement network access or shell execution, although the methodology discusses such tools.
  - Sanitization: There is no evidence of input sanitization or escaping in the `generate_prompt` function before data is interpolated into the prompt template.
Audit Metadata