carpenter
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and strictly follow an external 'Architect Blueprint' without using delimiters or instructions to ignore embedded commands.
- Ingestion points: The skill receives an 'Approved Architect Blueprint' as its primary input for construction (defined in SKILL.md).
- Boundary markers: There are no specified delimiters (e.g., XML tags or clear separators) or 'ignore' instructions provided to the agent to distinguish between legitimate content and potentially malicious instructions within the blueprint.
- Capability inventory: The skill is capable of generating long-form prose and finding source URLs for citations, which involves processing and outputting data based on the untrusted blueprint input.
- Sanitization: There is no evidence of sanitization, validation, or escaping logic applied to the blueprint content before it is processed by the agent.
Audit Metadata