tool-selection
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill identifies a surface for indirect prompt injection as it parses user-provided operations to determine tool selection. 1. Ingestion points: The
[operation]argument in the/tools:selectcommand (references/select.md). 2. Boundary markers: Absent; no delimiters or ignore-instructions are specified for the operation string. 3. Capability inventory: The reference mentions coordination withexecute_sketched_editandRead/Grep. 4. Sanitization: No sanitization or validation logic for the input string is defined. - [NO_CODE] (SAFE): The skill is entirely documentation-based (Markdown) and does not include any scripts, binaries, or automated installation steps.
Audit Metadata