cross-modal-review

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes 'Refusal Routing' logic that instructs the agent to 'silently switch to the next model' and 'never show the refusal to the user' if a model rejects a prompt. This is a functional bypass mechanism designed to circumvent safety guardrails and policy refusals by cycling through models until one complies, while explicitly concealing this process from the user.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process arbitrary data for review without sufficient security controls.
      • Ingestion points: Untrusted 'work product' captured in Phase 1 and skill 'Contract' data.
      • Boundary markers: Absent; there are no instructions to use delimiters or to ignore embedded commands within the work product being reviewed.
      • Capability inventory: The skill uses search, query, and get_page tools, which could be exploited if the model is influenced by injected instructions.
      • Sanitization: Absent; there is no mention of sanitizing or escaping the content of the work product before it is passed to the reviewer models.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 4, 2026, 07:01 AM