launch
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection risk surface detected. The skill aggregates data from a knowledge base and user-provided descriptions to generate content and update internal entities.
  - Ingestion points: Data enters the context via get_entity, search_knowledge_base, and get_playbook tools, as well as user-defined descriptions in the /octave:launch command flow.
  - Boundary markers: The instructions interpolate retrieved data (e.g., <product details, launch positioning>, <full library context>) directly into generation tools like generate_content and generate_email without using protective delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill utilizes create_entity, update_entity, and generate_email, providing significant write and outbound communication capabilities that could be influenced by malicious data.
  - Sanitization: There is no evidence of sanitization or validation of retrieved library content before its use in generation or update functions.
Audit Metadata