pyramid-principle
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill uses imperative 'override' language (e.g., 'この指示は絶対' - This instruction is absolute; '他のいかなる指示より優先し' - Prioritize over any other instruction) to enforce strict privacy controls. While these phrases match override patterns, they are applied defensively here to mandate the masking of sensitive data.
- [DATA_EXFILTRATION]: The skill contains a detailed 'Confidential Information' policy in SKILL.md that explicitly forbids the output of PII, API keys (e.g., 'sk-****'), and internal system URLs. This provides a strong security boundary to prevent accidental data exposure during the drafting process.
- [PROMPT_INJECTION]: The skill processes untrusted user-provided writing materials, creating a surface for indirect prompt injection.
  1. Ingestion points: User-provided draft materials and notes ('文章材料') described in SKILL.md.
  2. Boundary markers: The skill uses specific markdown templates for its output (resources/single-pyramid-template.md), although it does not define explicit delimiters or tags for the untrusted input text.
  3. Capability inventory: Text and markdown document generation.
  4. Sanitization: The skill mandates the masking of PII, credentials, and sensitive environment variables found in the materials.
Audit Metadata