ground-response
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external documents provided via input arguments, creating a surface for indirect prompt injection.
- Ingestion points: Source content is read from the local file system using Read, Grep, and Glob tools based on user-supplied paths in SKILL.md.
- Boundary markers: The instructions do not define explicit delimiters or headers to isolate untrusted document content from the model's instruction context.
- Capability inventory: The skill's environment allows for file discovery, file reading, and writing to a task list; it does not authorize network access or arbitrary command execution.
- Sanitization: Content from source documents is not sanitized or filtered for embedded instructions before being processed by the model.
- Mitigation: The skill's requirement for word-for-word quote extraction and systematic verification of every claim against those quotes provides a functional guardrail that reduces the likelihood of the model following instructions embedded within the source data.
Audit Metadata