ai-agent-builder
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill outlines patterns for agents that ingest data from untrusted external sources and use tools with significant capabilities, which constitutes an indirect prompt injection surface.
- Ingestion points: External data flows into the agent via webhooks, Slack messages, and Telegram messages (SKILL.md).
- Boundary markers: The provided system prompt templates (e.g., Support Agent, Research Assistant) do not include explicit delimiters or instructions to treat external data as untrusted content.
- Capability inventory: The workflows describe the use of impactful tools such as
database_query,send_email,jira_lookup, andcreate_ticket(SKILL.md). - Sanitization: The templates do not demonstrate input validation, sanitization, or filtering of incoming messages before they are processed by the LLM.
- [NO_CODE]: The skill is composed of architectural documentation, YAML configuration templates, and markdown descriptions. It does not include any executable scripts or binary files that run on the host environment.
Audit Metadata