proposal
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection because it processes data from external sources that could contain malicious instructions.
  - Ingestion points: Data enters the agent's context through tools such as `list_findings` (summarizing call transcripts) and `search_resources` (retrieving uploaded documents) in `SKILL.md`.
  - Boundary markers: There are no explicit instructions for the agent to treat this external content as untrusted or to ignore embedded instructions during the proposal generation phase.
  - Capability inventory: Across its workflow, the skill facilitates writing HTML files to the local file system within the `.octave-proposals/` directory.
  - Sanitization: No specific sanitization or escaping procedures are defined for the external content before it is interpolated into the final HTML document.
- [EXTERNAL_DOWNLOADS]: The generated HTML proposal template references Google Fonts via external URLs (`fonts.googleapis.com`). This is a well-known and trusted service used for document styling and does not represent a security risk.
Audit Metadata