pii-sanitizer
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
NO_CODE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is specifically designed to ingest and process untrusted external strings (input_data). This presents a surface for indirect prompt injection where malicious instructions embedded in the data could influence the agent's behavior during the sanitization process.
- Ingestion points: input_data field defined in skill.yaml.
- Boundary markers: No specific delimiters or "ignore instructions" warnings are defined in the schema to isolate the untrusted data from the agent's operational logic.
- Capability inventory: Based on the provided files, the skill lacks side-effect capabilities such as file writing, network access, or command execution, which limits the potential impact of an injection to the agent's internal reasoning or output generation.
- Sanitization: No logic is provided to sanitize or escape instructions within the processed text; it focuses solely on PII redaction.
- [No Code Execution] (INFO): The skill consists of a YAML configuration and a Markdown documentation file. No implementation logic (Python, Node.js, or Shell) was provided. The analysis is limited to the defined metadata and intended behavior.
Audit Metadata