artifact-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection.
- Ingestion points: Files and directories specified in
SKILL.md(via user-provided paths or auto-discovery) are read by subagents. - Boundary markers: The template in
references/subagent-brief.mddoes not specify the use of delimiters or 'ignore' instructions when processing document content. - Capability inventory: Subagents use filesystem tools (Read, Glob, Grep) and write findings to the local disk as specified in
references/subagent-brief.mdandSKILL.md. - Sanitization: There is no mention of sanitizing or escaping the content read from documents.
- [SAFE]: No external network operations or remote code downloads were detected. The skill operates as a local-filesystem primitive and explicitly skips sensitive file paths defined in
references/skip-patterns.md.
Audit Metadata