evaluating-heuristics
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Data is ingested from `_heuristic_tasks.json` files using the `Read` tool, specifically targeting the `prompt` field.
  - Boundary markers: Absent. The instructions in `SKILL.md` (Step 2) explicitly tell the agent to 'Read the prompt field — it contains the full evaluation context including active rules', which encourages the agent to treat data as system-level instructions without isolation or delimiters.
  - Capability inventory: The skill is granted `Read` and `Write` permissions, providing a potential attacker with a vector to access or modify local files if the injection is successful.
  - Sanitization: Absent. There are no mechanisms described to validate or sanitize the `prompt` field content before processing.