library
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill design includes a surface for indirect prompt injection by allowing external data ingestion to influence agent behavior.
  - Ingestion points: External content enters the agent context via the `sources` parameter (which accepts URLs and text) in the `create_playbook`, `create_entity`, `update_entity`, and `create_resource` tools defined in `SKILL.md`.
  - Boundary markers: `SKILL.md` does not provide instructions for the agent to use delimiters or instructions to ignore embedded commands when processing content from external sources.
  - Capability inventory: The agent can perform significant modifications to the environment, including `create_entity`, `update_playbook`, and `delete_resource`, as documented in `SKILL.md`.
  - Sanitization: The skill instructions do not specify any validation or sanitization requirements for data fetched from remote URLs before it is processed by the model.
Audit Metadata