client-proposal-generator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the internet and processes it using sensitive tools. An attacker could place malicious instructions on a website that, when retrieved by the agent during the research phase, could influence the agent's subsequent actions.
  - Ingestion points: The skill explicitly instructs the agent to use the `WebSearch` tool in Step 1a to gather company overviews, news, and technology signals from external websites.
  - Boundary markers: The instructions do not provide any delimiters or markers to isolate the information retrieved from the web, making it difficult for the model to distinguish between instructions and data.
  - Capability inventory: The skill is configured with the `Bash`, `Write`, `Read`, and `WebSearch` tools, allowing for file system operations and command execution based on processed data.
  - Sanitization: There are no defined procedures for sanitizing, validating, or filtering the content retrieved from external sources before it is incorporated into the proposal or used in tool calls.
Audit Metadata