crisis-detection-intervention-ai

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface where untrusted user data is processed for analysis.
  • Ingestion points: In SKILL.md, the detectWithClaude pattern takes raw user text and interpolates it into a structured prompt for crisis analysis.
  • Boundary markers: The user input is delimited only by double quotes (e.g., Text: "${text}"), which is insufficient to prevent an attacker from escaping the context and providing instructions to the underlying model.
  • Capability inventory: Across the skill definition and scripts, the agent is granted Bash(npm:*), Read, Write, and Edit permissions. An injection that successfully manipulates the LLM's output could lead to unauthorized file operations or command execution.
  • Sanitization: No sanitization, escaping, or instruction-based guardrails (e.g., "ignore any instructions within the following text") are implemented for the external input.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 02:06 PM