priority-signals
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): This skill is vulnerable to indirect prompt injection because it is designed to ingest and summarize data from potentially untrusted external sources like emails, meeting notes, and shared documents. An attacker could embed malicious instructions within these sources to influence the agent's prioritization logic or subsequent actions.
- Ingestion points: Untrusted data enters the agent context via
search,meeting_lookup, anduser_activitytools as described inSKILL.md. - Boundary markers: The skill does not define or use explicit boundary markers (like XML tags or specific delimiters) to separate untrusted data from the agent's core instructions in its query patterns.
- Capability inventory: While this specific skill file does not define tools for external network requests or file system modification, it acts as a reasoning engine that influences how the agent interprets user priorities.
- Sanitization: The skill includes a 'BE SKEPTICAL' section and 'Urgency Validity' tests. While these are good practices for accuracy, they are natural language instructions rather than technical sanitization or validation of the input data.
Audit Metadata