proof
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill fetches external markdown content from proofeditor.ai that is subsequently processed by the agent, creating a surface for indirect prompt injection.
  - Ingestion points: Document state and markdown content are retrieved via the `WebFetch` and `Bash(curl)` tools from `https://www.proofeditor.ai/api/agent/{slug}/state`.
  - Boundary markers: The instructions lack explicit delimiters or safety markers to differentiate between document content and agent instructions.
  - Capability inventory: The skill includes `Bash` and `WebFetch` permissions, which could be exploited by instructions embedded in a malicious document.
  - Sanitization: There is no evidence of sanitization, validation, or filtering of the content retrieved from the external API before it is presented to the agent.
Audit Metadata