enterprise-search
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest and process data from external enterprise sources (Confluence, Slack, wikis, RFCs) that are not under the direct control of the AI agent's instruction set. Maliciously crafted content within these sources could override agent behavior.
- Ingestion points: Data enters the agent context through the search, chat, and read_document tools, as described in the Workflow section of SKILL.md.
- Boundary markers: Absent. The instructions do not define delimiters or explicit "ignore embedded instructions" warnings when handling retrieved text.
- Capability inventory: The skill is limited to information retrieval, vetting, and synthesis. It does not explicitly define file-write, shell execution, or external network exfiltration capabilities, which limits the severity to MEDIUM.
- Sanitization: While the skill includes "Relevance", "Freshness", and "Authority" tests, these are focused on data quality rather than security sanitization against adversarial instructions hidden in the text.
Audit Metadata