messaging
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes data from external sources within its environment.
- Ingestion points: Data is pulled from the library via tools such as search_knowledge_base, get_entity, get_playbook, and list_findings.
- Boundary markers: The skill does not explicitly use delimiters or 'ignore embedded instructions' warnings when interpolating library data into its generation prompts.
- Capability inventory: The skill has the capability to generate content and write changes back to the library using add_value_props and update_entity.
- Sanitization: There is no evidence of sanitization or structural validation for the data retrieved from the library before it is used to influence the agent's output.
Audit Metadata