extract-flow-scenario

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): The instructions are focused on formatting and structuring data. There are no attempts to bypass safety filters, extract system prompts, or override agent behavior.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network operations were detected. The skill only processes text within the conversation context.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the conversation context. While an attacker could theoretically embed instructions in that context, the skill has no capabilities (code execution, file writing, or network access) to exploit, as indicated by 'disable-model-invocation: true'.
  • [Remote Code Execution] (SAFE): No scripts or external packages are included or downloaded.
  • [Persistence & Privilege Escalation] (SAFE): The skill does not perform any system-level operations or attempt to maintain access across sessions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 06:42 PM