study-guide
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill provides instructions to ingest untrusted data from various sources (files, URLs, text) in Step 1. Because it lacks boundary markers or sanitization instructions, it is vulnerable to indirect prompt injection where malicious instructions embedded in the source materials could influence the agent's behavior. Evidence:
  1. Ingestion points: Step 1 (Gather sources) specifically accepts files, URLs, and pasted text.
  2. Boundary markers: Absent; there are no instructions to delimit source content or ignore instructions within it.
  3. Capability inventory: Limited to content reading, analysis, and synthesis; no file-writing or subprocess execution found.
  4. Sanitization: Absent; no logic provided to filter or escape external content.
- No Code (SAFE): The skill is composed entirely of natural language instructions and contains no executable scripts, shell commands, or package dependencies.