skills/henryqw/skills/triangulate/Gen Agent Trust Hub

triangulate

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a 'Stage Output Correction' loop in SKILL.md that automatically re-feeds malformed output back into the AI's prompt for correction. If a subagent's output is manipulated by malicious instructions within an artifact, this mechanism could unintentionally repeat and potentially execute those instructions during the retry attempt.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted 'original artifacts' across multiple stages without sufficient isolation.
      • Ingestion points: Untrusted data is ingested as 'original artifacts' in SKILL.md and passed to the subagents defined in references/initializer.md, references/normalizer.md, references/adversary.md, and references/referee.md.
      • Boundary markers: The subagent prompt templates do not use clear delimiters or explicit instructions to treat the artifact content as data rather than instructions.
      • Capability inventory: The skill has the ability to persist data to the .context/triangulate/ directory and generate a final findings report, which could be used to store or display malicious output.
      • Sanitization: There is no evidence of sanitization or validation of the input artifacts to strip potential injection strings before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 12:43 PM