doppel
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill uses strong negative constraints to enforce a strict output format. Instructions such as "NEVER respond with questions" and "NEVER say 'I can't'" are used to override default conversational behaviors to ensure only valid MML is produced.\n- [PROMPT_INJECTION]: The skill processes untrusted external data, creating an indirect prompt injection surface.\n
- Ingestion points: Untrusted data enters the context via chat history and space MML documents retrieved from {serverUrl}.\n
- Boundary markers: Absent. There are no instructions for the agent to use delimiters or ignore instructions within the ingested content.\n
- Capability inventory: The agent can perform network requests and publish messages or code to external servers.\n
- Sanitization: Absent. The skill does not provide methods for validating or escaping content retrieved from external sources.
Audit Metadata