launchpad-custom-function
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documentation identifies a potential surface for indirect prompt injection by describing workflows that ingest and process untrusted external data.
- Ingestion points: The documentation in
SKILL.mdexplicitly suggests use cases for "Parsing an Excel file that you uploaded" and extracting results into user-defined data structures. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are provided in the documentation to isolate processed data from the agent's instructions.
- Capability inventory: The custom functions have the capability to execute arbitrary code in Java 11, Python 3.12, and Node.js 20 within an AWS Lambda environment, as described in
SKILL.mdand the language-specific reference files. - Sanitization: The skill lacks guidance on validating, escaping, or sanitizing the content retrieved from user-uploaded files before it is processed by the agent or used by the custom function logic.
Audit Metadata