chat
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill description employs directive language (e.g., 'CRITICAL', 'MUST', 'override') to prioritize tool activation and dictate agent behavior.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to its data processing model.
  1. Ingestion points: The skill retrieves external, untrusted chat content through the chat.getMessages tool as described in SKILL.md.
  2. Boundary markers: No delimiters or instructions to treat retrieved content as data-only are provided.
  3. Capability inventory: The agent possesses capabilities to send messages (chat.sendMessage, chat.sendDm) and modify space configurations (chat.setUpSpace), which could be abused if malicious instructions are processed.
  4. Sanitization: There is no evidence of content filtering or instruction-stripping logic to prevent the execution of embedded commands from chat messages.