message-injector
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and interpolates untrusted user-provided strings into a response. \n
- Ingestion points: The source text and template provided by users, as defined in SKILL.md. \n
- Boundary markers: The instructions do not define specific delimiters or safety warnings to prevent the agent from executing commands found within the source text. \n
- Capability inventory: The skill is limited to plain text output and explicitly forbids file writing, which significantly reduces the potential impact of an injection. \n
- Sanitization: No sanitization or validation of the input source text is specified. \n- [NO_CODE]: The skill consists entirely of natural language instructions in SKILL.md and test cases in evals/evals.json. It does not contain any scripts, binary files, or external software dependencies.
Audit Metadata