idea-validation-autopilot
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection due to its core workflow of gathering external data and processing it without explicit sanitization or boundary markers.
  - Ingestion points: Step 2 in `SKILL.md` explicitly instructs the agent to 'Run 4 parallel research tracks' using 'web search + fetch' and 'repository/API lookup'. These are external, untrusted data sources.
  - Boundary markers: Absent. The instructions do not provide delimiters (like XML tags or triple quotes) or specific 'ignore embedded instructions' warnings for the fetched content.
  - Capability inventory: The skill has the capability to create directories via shell commands (`mkdir -p reports`) and write markdown files to the local filesystem (`reports/` directory) as defined in Step 7.
  - Sanitization: Absent. There is no instruction to validate, filter, or escape the content fetched from the web before it is written to the final report.
- Command Execution (SAFE): The skill uses basic shell commands for file organization.
  - Evidence: `SKILL.md` Step 7 specifies `mkdir -p reports`. This is a low-privilege command used for its intended purpose of organizing output files and does not present a high security risk.
Audit Metadata