sow-generator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on untrusted external data sources to generate document content.
- Ingestion points: The skill ingests data from external WebSearch results and user-provided project briefs, which are used to populate the 'Executive Summary' and 'Background and Context' sections of the SOW.
- Boundary markers: There are no explicit delimiters or instructions provided in the prompt to ensure the agent distinguishes between formatting instructions and potentially malicious commands embedded in the external search results or project briefs.
- Capability inventory: The skill is configured with access to the Bash and Write tools. If the agent is successfully manipulated via indirect injection, these tools could be used to execute unauthorized shell commands or modify local files.
- Sanitization: The skill does not perform any validation, filtering, or escaping of the content retrieved from web searches before processing it.
Audit Metadata