saga-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface identified. * Ingestion points: User-supplied transaction parameters and external information retrieved through the mcp__perplexity__search tool. * Boundary markers: No delimiters or isolation instructions are defined for processing untrusted data from the search tool. * Capability inventory: The skill is permitted to use Write, Edit, and Task tools, which could be misused if the agent obeys instructions embedded in external data. * Sanitization: No sanitization or validation logic is specified for the data ingested from the web search before it is used to generate design documents or perform file operations.
Audit Metadata