error-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process LLM traces which contain untrusted external data such as user inputs, tool outputs, and retrieved documents. This creates a surface for indirect prompt injection where malicious content within a trace could attempt to influence the agent's evaluation or categorization logic.
- Ingestion points: The skill collects and reads traces containing raw input and retrieved documents in Step 1 and Step 2.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to isolate the trace content from the agent's procedural instructions.
- Capability inventory: The skill uses natural language for analysis, proposes LLM-assisted clustering (Step 3), and includes Python-based calculations for failure rates (Step 5).
- Sanitization: No sanitization, escaping, or validation of the trace content is mentioned or required in the process.
Audit Metadata