prioritization
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow where untrusted data is processed by an LLM to determine task urgency, creating an indirect prompt injection surface.
- Ingestion points: Untrusted content is introduced into the agent's context via the
ingest_request()function in theprioritization_looplogic withinSKILL.md. - Boundary markers: The implementation pattern lacks the use of delimiters or explicit system instructions to ignore potential commands embedded within the ingested task data.
- Capability inventory: The skill facilitates the execution of processed tasks via
worker_agent.run(), which could be exploited if an attacker successfully manipulates the priority or content of the task through injection. - Sanitization: The documentation does not specify or provide any sanitization, filtering, or validation steps for the input data before it is evaluated by the manager agent.
Audit Metadata