fast-io
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by ingesting and analyzing untrusted content from various sources.
- Ingestion points: Data enters the agent context via file uploads, external URL imports using the web-import action, user-submitted comments, and markdown notes stored in workspaces as documented in SKILL.md.
- Boundary markers: The documentation does not specify the use of delimiters or provide instructions for the agent to ignore embedded instructions within these data sources when performing RAG or attachments.
- Capability inventory: The skill possesses significant capabilities including file modification and deletion via the storage tool, organizational ownership transfer via the org tool, and AI-driven document analysis via the ai tool.
- Sanitization: There is no evidence of sanitization or filtering of external content before it is processed by the AI or used in tool operations within the provided skill files.
Audit Metadata