vector-composition
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted text from the Scry public corpus, which introduces a surface for indirect prompt injection.
  - Ingestion points: Untrusted data is ingested from various database views, such as scry.mv_high_score_posts and scry.entities, as described in SKILL.md.
  - Boundary markers: The documentation includes a Guardrails section explicitly advising the agent to treat retrieved text as untrusted and to disregard instructions found within the data.
  - Capability inventory: The skill uses curl to perform API-based search and embedding operations.
  - Sanitization: Users are instructed to apply filters based on a content_risk column to identify and exclude potentially dangerous entries.