whistleblower-policy-malik-taiar
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for Indirect Prompt Injection because its primary function involves auditing untrusted external documentation provided by the user. • Ingestion points: Documentation requested includes internal reporting procedures, communication materials, and templates (found in SKILL.md, Section 3). • Boundary markers: The instructions lack explicit boundary markers to differentiate between the agent's instructions and the content of the analyzed documents. • Capability inventory: The skill is limited to textual analysis and drafting; it lacks access to dangerous tools such as arbitrary shell command execution or network exfiltration. • Sanitization: There is no evidence of specific input sanitization or filtering for user-provided documentation.
- [SAFE]: The skill only references official and trusted government or regulatory domains, such as legifrance.gouv.fr for French legislation and cnil.fr for data protection guidelines.
Audit Metadata