document-refinement
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): Indirect Prompt Injection Surface.
- Ingestion points: The `DOCUMENT = read target document` instruction in `SKILL.md` identifies where external, potentially untrusted content enters the agent's context.
- Boundary markers: The protocol lacks explicit delimiters (e.g., XML tags, triple quotes) or "ignore instructions" warnings to isolate the document content from the agent's logic.
- Capability inventory: The skill possesses file-read and file-write capabilities, as seen in `SKILL.md` with instructions to "read target document" and "Apply auto-fixes directly to document".
- Sanitization: There is no evidence of input validation or content sanitization to prevent the agent from inadvertently following instructions embedded within the document being reviewed.
Audit Metadata