claude-api
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides implementation patterns for autonomous agents (e.g., Coding Agent, Support Agent) that process data from external sources such as project requirement files, user messages, and tool outputs.
- Ingestion points: Data from `features.md`, user-provided support queries, and financial market data tool results.
- Boundary markers: The architectural examples provided do not specify the use of delimiters or explicit instructions for the agent to disregard potential instructions embedded in the ingested data.
- Capability inventory: The agents are designed to use various tools including file editing, command-line execution (`Bash`), and web interaction (`WebFetch`).
- Sanitization: The provided code snippets demonstrate functional logic but do not include explicit input sanitization or validation steps for content retrieved from external sources.
Audit Metadata