output-customization
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The framework uses high-pressure imperative language and instructions to override agent judgment. Patterns detected include "ABSOLUTE REQUIREMENT - NEVER SKIP" and instructions to ignore findings not supported by external docs ("If official documentation does not explicitly prohibit something, do NOT flag it as an error"). This forces the agent to disregard its internal knowledge and safety guidelines in favor of potentially untrusted external content.
- INDIRECT_PROMPT_INJECTION (LOW): The skill establishes a vulnerability surface by requiring the ingestion of untrusted data from external sources.
- Ingestion points: Data is ingested via the docs-management skill and external MCP servers including perplexity and microsoft-learn.
- Boundary markers: No delimiters or "ignore embedded instructions" warnings are specified for the external data returned to the agent.
- Capability inventory: The agent uses ingested data to perform scoring (deducting points) and generate final audit reports.
- Sanitization: The framework lacks any instructions for sanitizing or validating the integrity of the content returned by external queries before it influences the audit outcome.
Audit Metadata