ln-002-best-practices-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests external, potentially untrusted data to generate documentation.
- Ingestion points: The
story_contextparameter inSKILL.mdis used to provide context for research and document generation. - Boundary markers: There are no defined delimiters or instructions to the agent to disregard embedded instructions within the
story_contextinput. - Capability inventory: The skill has the capability to perform web searches and write files to the local file system (e.g.,
docs/guides/,docs/adrs/). - Sanitization: The skill does not implement sanitization or validation of the
story_contextbefore interpolating it into documentation templates.
Audit Metadata