skill-distiller
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as a transformer for other agent instructions, creating a surface for indirect prompt injection. A malicious SKILL.md provided for distillation could attempt to influence the agent's behavior or the resulting distilled output.
- Ingestion points: The workflow ingests untrusted SKILL.md files in Phase 1 (Complexity Analysis) and Phase 2 (Trace Collection).
- Boundary markers: There are no explicit delimiters or instructions defined to isolate the processed skill content from the agent's own control logic.
- Capability inventory: The skill performs reasoning-heavy tasks such as complexity scoring, pattern extraction, and iterative validation across different models.
- Sanitization: No input sanitization or filtering of the source skill's content is described in the workflow.
Audit Metadata