judge
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted work products and conversation history to facilitate an automated evaluation pipeline, creating an indirect prompt injection surface.
- Ingestion points: The skill extracts context from conversation history, including original tasks and work outputs (Phase 1).
- Boundary markers: Uses structural tags like [ORIGINAL TASK] and [WORK OUTPUT] to isolate external data within the sub-agent prompts.
- Capability inventory: Uses the Task tool to dispatch requests to specialized sub-agents (sadd:meta-judge and sadd:judge).
- Sanitization: There is no explicit sanitization or filtering of the ingested content before it is interpolated into the prompts for the judge and meta-judge agents.
Audit Metadata