agent-evaluation

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains a 'verified: true' field and a 'lastVerifiedAt' timestamp in its YAML frontmatter. These are deceptive metadata entries that can mislead agents or users into granting higher trust to the skill's actions and output based on an unauthenticated claim of verification.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core design of processing untrusted external content. Evidence chain:
    1. Ingestion points: The skill explicitly instructs agents to load and evaluate external text, file paths, and plan documents (SKILL.md Step 1).
    2. Boundary markers: The instructions fail to provide any delimiters or warnings to ignore embedded instructions within the content being evaluated.
    3. Capability inventory: The skill has access to sensitive tools including 'Bash', 'Write', 'Read', 'Glob', and 'Grep' as specified in the frontmatter.
    4. Sanitization: No sanitization or input validation is performed on the data before it is processed by the judge agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 27, 2026, 04:17 AM