nia

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses directive language such as 'CRITICAL' and 'MUST' to override the agent's default tool selection logic, forcing a 'Nia-First' workflow that prioritizes its own indexing capabilities over standard web fetch and search functions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and reading content from untrusted external sources such as documentation sites, codebases, and web research results.
      • Ingestion points: Data enters the agent's context via the index tool and nia_research discovery process which fetch content from external URLs and repositories.
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to prevent the agent from obeying malicious commands embedded within the retrieved data.
      • Capability inventory: The skill provides reading and targeted searching tools (nia_read, nia_grep, search, nia_explore) that process the ingested external data.
      • Sanitization: There is no mention of sanitization, filtering, or validation mechanisms for the content retrieved from third-party sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 03:34 PM