content-atomizer

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via its core content processing workflow.
      • Ingestion points: The skill ingests untrusted data from external sources including URLs (via the WebSearch tool) and local file paths (via the Read tool), as specified in Step 1 of the 'Atomization Process' in SKILL.md.
      • Boundary markers: No explicit delimiters, such as triple quotes or XML tags, are defined to isolate untrusted source content from the agent's instructions, nor are there commands for the agent to ignore embedded instructions.
      • Capability inventory: The agent has access to powerful tools including Read, Write, Edit, Grep, Glob, and WebSearch, which could be abused if the agent is manipulated into executing commands found in a malicious source document.
      • Sanitization: The skill lacks logic to filter, escape, or validate the content retrieved from external sources before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 09:41 AM