blog-post
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data from files and URLs, creating an attack surface for indirect prompt injection.
- Ingestion points: Data enters the agent context through file reading and URL fetching as described in Step 2 of SKILL.md.
- Boundary markers: Absent; the skill lacks delimiters or instructions to ignore potential commands embedded within the retrieved research materials.
- Capability inventory: The skill possesses the ability to read local filesystem contents and perform network operations to fetch remote content.
- Sanitization: Absent; there is no evidence of content validation or filtering of external data before it is interpolated into the drafting prompts.
Audit Metadata