access-policy-designer
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill translates user-provided business requirements into database security policies and reports, creating a surface for indirect injection.
- Ingestion points: Business rule descriptions provided by the user for translation (e.g., 'Doctors can only see their own patients').
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the user-supplied business logic.
- Capability inventory: The skill is instructed to write reports and JSON metadata to the 'docs/database-report/' directory on the local file system.
- Sanitization: There is no evidence of validation or sanitization of the input rules before they are incorporated into the output Markdown and JSON reports.
Audit Metadata