mel-framework-citation

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process user-provided documents such as donor reports, evaluation designs, and theories of change. These documents represent an untrusted input surface where indirect prompt injections could be embedded to influence the agent's output or tool usage.
      • Ingestion points: User-provided MEL/SRHR deliverables (SKILL.md).
      • Boundary markers: None identified in the provided instructions.
      • Capability inventory: Uses WebSearch and WebFetch tools (SKILL.md).
      • Sanitization: No explicit sanitization or filtering of input data is mentioned before processing.
  • [DATA_EXFILTRATION]: The verification protocol mandates the use of web search and fetch tools to confirm citation details. If the source documents contain sensitive project data or non-public information, these details could be inadvertently leaked to external search engines or websites during the automated verification process.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 02:37 PM