editing
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it ingests and analyzes manuscript content that could contain adversarial instructions designed to subvert the agent's editing logic or database integrity.
- Ingestion points: Untrusted manuscript data is retrieved from the 'section' and 'chapter' tables in the database backend, specifically referenced in 'SKILL.md' and 'consistency-check.surql'.
- Boundary markers: There are no explicit delimiters or instructional guardrails defined to separate the potentially malicious manuscript content from the agent's own task instructions.
- Capability inventory: The skill has significant capabilities, including the ability to perform automated database updates via 'UPDATE' statements in 'continuity.md' and the 'Auto-fix' mode described in the workflow.
- Sanitization: The documented workflow does not include any sanitization, filtering, or validation steps to check manuscript content for embedded instructions before it is presented to the LLM for analysis.
Audit Metadata