fastgpt-design-skill
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The system described is a RAG platform that processes untrusted data from various sources such as files and websites, as noted in core/dataset/index.md. This creates a surface for indirect prompt injection.
  - Ingestion points: Data enters through local files, links, and crawling (core/dataset/index.md).
  - Boundary markers: The documentation does not specify explicit prompt delimiters or instructions to isolate ingested data from system instructions.
  - Capability inventory: The system supports high-risk workflow nodes for code execution (code) and network requests (httpRequest468), as documented in core/workflow/index.md.
  - Sanitization: The documentation highlights the mandatory use of Zod schemas for input and output validation at the API layer (common/api/index.md). This mitigates direct API injection (malformed or unexpected request shapes) but not context-level prompt injection, since an injected instruction inside a retrieved chunk is still a well-formed string that passes schema validation.
Audit Metadata