ai-ethics-auditor

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (MEDIUM): The skill's design is vulnerable to indirect prompt injection as it processes external content without sufficient safeguards.
    1. Ingestion points: Data enters the context through files specified in the input argument (SKILL.md).
    2. Boundary markers: No delimiters or 'ignore' instructions are defined to separate untrusted input from the agent's internal logic.
    3. Capability inventory: The skill has the capability to write reports to a user-defined path via the out argument and explicitly accesses the 'Confidential' and 'Personal' knowledge tiers.
    4. Sanitization: There is no mention of input validation or content sanitization.
    This allows a malicious dataset or prompt to potentially trick the agent into exfiltrating sensitive information into the audit output.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 12:41 AM