file-reference
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and interpret external file content, which is a common vector for indirect prompt injection attacks where a file contains instructions to divert the AI's behavior.
- Ingestion points: Uses the
Readtool to access files based on user references (@name, natural language). - Boundary markers: Absent. The prompt does not establish clear delimiters or instructions for the agent to ignore commands found within the analyzed files.
- Capability inventory: The skill is restricted to the
Readtool and does not possess file-writing, network access, or shell execution capabilities. - Sanitization: No sanitization or content validation steps are specified for the ingested file data.
Audit Metadata