generate-judgements
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external skill directories.
- Ingestion points: The workflow reads
SKILL.md,README.md, and reference files from target skill folders provided by the user (Phase 1). - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the ingested file content as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill possesses the capability to read files and write YAML configuration files to the filesystem.
- Sanitization: There are no steps defined to sanitize, escape, or validate the content of the analyzed files before they are processed by the LLM for judgement generation.
Audit Metadata