config
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected due to ingestion of untrusted data from local files.
  - Ingestion points: The skill reads data from `.appsec/config.yaml` and `.appsec/findings.json` as specified in Step 1 and Step 2 of the workflow (SKILL.md).
  - Boundary markers: Absent. There are no explicit instructions or delimiters defined to ensure the agent ignores natural language instructions that might be embedded within the configuration values.
  - Capability inventory: The skill is capable of reading, writing, and deleting files on the local file system, specifically targeting `.appsec/config.yaml` (SKILL.md).
  - Sanitization: Present. The skill includes a 'Validation Rules' section that defines allowed values for configuration fields (e.g., `default_scope`, `minimum_severity`) and validates finding IDs against a JSON file, which provides a layer of defense against malicious input.
Audit Metadata