ai
Audit result: Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect prompt injection surface detected. The skill instructs the agent to ingest untrusted external content and process it within a context that has active tool-execution and system-modification capabilities, so instructions embedded in a retrieved document can steer the agent into using those capabilities.
  - Ingestion points: untrusted data enters the agent context via VectorStoreIndex.from_documents(docs) (SKILL.md).
  - Boundary markers: absent. The skill gives no instructions for delimiting external content or for telling the model to ignore instructions embedded in it.
  - Capability inventory: the skill allows creating external tools (mcp.Server), querying data engines (query_engine.query), and modifying model behaviour through fine-tuning (get_peft_model).
  - Sanitization: absent. There is no mention of sanitizing, validating, or escaping external content before it is interpolated into prompts or used by tools.
Recommendations
- AI detected serious security threats
Audit Metadata