consensus-voting
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection due to its core function of collecting and evaluating natural language rationales from multiple potentially untrusted agents or external sources.
- Ingestion points: Data enters the agent's context during the 'Collect Votes' step in SKILL.md, where rationales and confidence scores are gathered.
- Boundary markers: There are no specific delimiters or instructional barriers (e.g., 'ignore embedded instructions') defined to prevent the agent from acting upon instructions hidden within the rationales.
- Capability inventory: The skill is configured with high-privilege tools including Bash, Write, and Edit, which increases the risk if an injection successfully steers the agent's actions.
- Sanitization: No validation or sanitization logic exists in the provided scripts or instructions to filter out executable commands or prompt overrides from the gathered input.
Audit Metadata