system2-attention
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection. Untrusted input data (context and query) is interpolated directly into system prompts without delimiters or sanitization in the Python code snippets within SKILL.md. Evidence: 1. Ingestion points: context and query variables in the system2_attention function. 2. Boundary markers: Absent. 3. Capability inventory: The skill uses model.generate to process filtered context and defines bash commands for processing files. 4. Sanitization: None observed.
Audit Metadata