discovery
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The discovery workflow creates an attack surface for indirect prompt injection by processing external sources. Ingestion points: Phase 1 Gathering collects sources like URLs and documents (SKILL.md). Boundary markers: The instructions do not specify any delimiters or warnings to disregard instructions within gathered materials. Capability inventory: The skill uses MCP tools to set workflow state and commit synthesized reports to the repository (SKILL.md). Sanitization: No mechanisms for sanitizing or validating ingested content are described.
Audit Metadata