validated-knowledge-synthesis
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted content from external URLs and local files.
  - Ingestion points: The `source_materials` parameter in `SKILL.md` accepts direct text, file paths, and URLs.
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the model from obeying instructions embedded within the source materials.
  - Capability inventory: The skill possesses file-read and file-write capabilities via the `source_materials` and `output_location` parameters, as well as network-read capabilities via URLs.
  - Sanitization: The workflow lacks sanitization or validation steps to filter potential malicious instructions from the input data.
- [DATA_EXFILTRATION]: The skill's ability to read from local file paths and write to a user-specified `output_location` could be misused to expose sensitive information.
  - Evidence: The `output_location` parameter in `SKILL.md` allows the agent to write the results of its synthesis to any accessible path on the filesystem.
  - Evidence: The `source_materials` parameter allows the agent to read contents from arbitrary file paths, which could include sensitive configuration or credential files if provided by an attacker.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from remote URLs, which constitutes a network operation to non-whitelisted domains.
  - Evidence: The `source_materials` parameter documentation explicitly supports URLs as a source of information for the synthesis workflow.
Audit Metadata