document-qa
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, NO_CODE)
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources via rag_search without explicit instructions to isolate or ignore instructions embedded in those documents. The presence of the memory_add tool increases the risk, as an attacker could potentially corrupt the agent's long-term memory. (Ingestion: Phase 2 retrieval; Boundary markers: Absent; Capability inventory: rag_search, kg_query, memory_add; Sanitization: Absent)
- [No Code] (SAFE): This skill is entirely instructional markdown and does not include any scripts, binaries, or package dependencies, which significantly limits the direct execution attack surface.
Audit Metadata