stakeholder-communicator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Risk\n
- Ingestion points: The skill reads content from arbitrary technical documents or JSON reports specified via the
inputargument insrc/index.ts.\n - Boundary markers: The implementation does not include any delimiters (e.g., XML tags or triple quotes) or specific instructions to the agent to disregard commands embedded within the source documents.\n
- Capability inventory: The skill has filesystem access to read (
fs.readFileSync) and write (safeWriteFilefrom the@agent/corelibrary) files, providing an attack surface for data manipulation if the prompt logic is hijacked.\n - Sanitization: There is no evidence of sanitization, filtering, or validation of the input content before it is processed by the translation and extraction logic.
Audit Metadata