briefing-document
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted external content without sufficient safeguards.
  * Ingestion points: The 'Gather sources' step explicitly instructs the agent to read files and fetch URLs.
  * Boundary markers: There are no instructions to wrap or delimit external content to prevent it from being interpreted as instructions by the LLM.
  * Capability inventory: While no code is provided in this skill, the instructions assume the agent has file-reading and URL-fetching capabilities.
  * Sanitization: The workflow lacks steps to sanitize or validate the content of retrieved sources before synthesis.
- NO_CODE (SAFE): The skill is composed entirely of markdown instructions (SKILL.md) and does not include any Python scripts, Node.js packages, or binary executables, significantly reducing the direct attack surface.
Audit Metadata