elicitation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection by ingesting and acting upon external code files without strict isolation or sanitization.
- Ingestion points: Code files produced in previous phases are read into the agent context in
step-01-analyze-code.md. - Boundary markers: Absent; the instructions do not require the use of delimiters or 'ignore embedded instructions' warnings when presenting the code to the model for review.
- Capability inventory: Across all scripts, the skill has the capability to modify system files as defined in
step-04-self-correct.md. - Sanitization: No sanitization, escaping, or validation of the ingested code content is performed to prevent instructions hidden in comments or strings from influencing the agent's behavior.
Audit Metadata