d
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions specify that user input from command arguments should be directly substituted into the `{INPUT}` placeholder within a prompt template. This pattern creates a direct injection surface.
- [PROMPT_INJECTION]: The prompt template lacks boundary markers (such as XML tags or unique delimiters) to separate the user-provided word from the agent's instructions, increasing the risk of the model obeying commands embedded in the input.
- [PROMPT_INJECTION]: Vulnerability Assessment:
  - Ingestion points: Untrusted user data from the `/d` command is used in the `SKILL.md` instructions.
  - Boundary markers: None. The input is simply placed inside a string.
  - Capability inventory: Spawns a `haiku` model subagent to execute the instructions.
  - Sanitization: No escaping, validation, or filtering is applied to the `{INPUT}` variable before interpolation.
Audit Metadata