assess-pci
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the $ARGUMENTS parameter.
- Ingestion points: User input provided in $ARGUMENTS is directly interpolated into the prompt used to spawn the security-auditor agent in SKILL.md.
- Boundary markers: There are no boundary markers or delimiters around the $ARGUMENTS variable to distinguish user input from the agent's core instructions.
- Capability inventory: The skill utilizes the Task and Skill tools to perform complex security audits and generate compliance reports.
- Sanitization: The skill lacks sanitization or validation logic to filter out potentially malicious instructions within the user-provided scope description.
Audit Metadata