report-generation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection. * Ingestion points: Data is ingested through
rag_searchandmemory_searchtools which retrieve external or historical documents (SKILL.md). * Boundary markers: The provided report templates in Phase 3 and Phase 4 lack any boundary markers or instructions to treat retrieved data as untrusted, allowing embedded commands to be executed by the agent. * Capability inventory: The skill utilizes thefile_writetool, providing a direct side-effect channel where malicious instructions in retrieved data could manipulate the local filesystem (SKILL.md). * Sanitization: There is no evidence of data sanitization or validation before the gathered information is written to a file.
Recommendations
- AI detected serious security threats
Audit Metadata