crisis-response-protocol
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by evaluating untrusted user messages to drive its internal logic and crisis escalation actions.\n
- Ingestion points: User messages are ingested and processed by the
assessCrisisLevelfunction inSKILL.md.\n - Boundary markers: Absent; the skill does not utilize specific delimiters to isolate user-provided text from the assessment logic or system instructions.\n
- Capability inventory: The skill includes functions to perform database writes (
logCrisisEvent), trigger external notifications (notifyEmergencyContact), and modify the state of the chat interface (disableChat).\n - Sanitization: Employs a
validateResponseSafetyfunction that uses regular expressions to filter potentially harmful AI-generated content before it reaches the user.\n- [EXTERNAL_DOWNLOADS]: References external safety resources and crisis lifelines from trusted and well-known organizations.\n - Evidence: Includes official contact information and URLs for the 988 Suicide & Crisis Lifeline, SAMHSA, and the Crisis Text Line to ensure users have access to verified human support.
Audit Metadata