privacy-policy-malik-taiar
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design. It instructs the agent to ingest and analyze untrusted external data, including client-provided documents (T&Cs, contracts, emails) and content from live websites. This could allow an attacker to embed instructions in those sources to manipulate the agent's drafting process or benchmarks.
- Ingestion points: SKILL.md (and its French counterpart) directs the agent to analyze client documents and research URLs to understand the business and identify technical elements.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the instructions.
- Capability inventory: The agent is tasked with document drafting and competitive benchmarking based on the ingested data.
- Sanitization: The workflow does not include steps for sanitizing external text or validating that the analyzed content contains only descriptive data rather than instructions.