multi-model-meta-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because its core workflow involves processing untrusted data (outputs from other AI models) and using that data to guide tool execution.
- Ingestion points: SKILL.md instructs the agent to parse and extract claims from 'feedback/analysis from multiple LLMs' provided by the user.
- Boundary markers: Absent. The skill provides no instructions to wrap untrusted data in delimiters or warnings to ignore embedded instructions within the analyzed content.
- Capability inventory: The skill explicitly directs the agent to use high-privilege filesystem tools, specifically Grep, Glob, and Read, to verify claims across the codebase.
- Sanitization: Absent. There is no requirement for the agent to sanitize the extracted claims before using them to drive file-searching logic, which could allow a malicious claim to trick the agent into accessing sensitive files (e.g., .env or config files) and including their contents in the final 'Synthesized Assessment'.
Audit Metadata