skills/hungv47/meta-skills/agent-room/Gen Agent Trust Hub

agent-room

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. User-supplied content in the problem variable and chat history is interpolated directly into instructions for secondary agents (e.g., PROBLEM: {problem}) without sanitization or robust boundary markers. This allows potentially malicious instructions to influence the behavior of the spawned agents.
    - Ingestion points: Untrusted data enters via the {problem} argument and {context} variable in SKILL.md.
    - Boundary markers: The skill lacks robust delimiters or 'ignore' instructions to prevent the agent from following directives embedded in the problem description.
    - Capability inventory: The skill is authorized to use Bash, WebFetch, and file system tools (Read, Grep, Glob), which increases the potential impact of a successful injection.
    - Sanitization: No validation or escaping is performed on the input before it is used to generate prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 09:16 AM