prompt-lookup
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection due to external content processing.
  * Ingestion points: Data enters through the `search_prompts` and `get_prompt` tools, which fetch content from the external `prompts.chat` library via the MCP server.
  * Boundary markers: No delimiters or explicit instructions are provided to the agent to treat retrieved prompt content as inert data rather than instructions.
  * Capability inventory: The skill is capable of fetching and displaying external templates and performing prompt improvements, which could amplify malicious payloads found in the source data.
  * Sanitization: The instructions do not specify any validation or sanitization for the retrieved prompts before they are presented to the user or processed by the agent.
Audit Metadata