synthesis-patterns
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and process content from external, untrusted sources which provides a surface for indirect prompt injection attacks.
- Ingestion Points: The skill explicitly utilizes
search,meeting_lookup, andcode_searchto pull data into the context (SKILL.md). - Boundary Markers: The instructions do not define delimiters or provide 'ignore embedded instructions' prompts to prevent the agent from executing commands hidden within the ingested documents or transcripts.
- Capability Inventory: The skill enables access to highly sensitive organizational data including source code, employee information, and meeting records.
- Sanitization: There is no evidence of sanitization or validation of the external content before it is interpolated into the synthesis output.
Audit Metadata