quarto-alt-text
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `grep` to locate figure labels and line numbers within Quarto (.qmd) files. This is a standard search operation for indexing project content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-provided file content.
  - Ingestion points: Reads content from `.qmd` files located in the workspace.
  - Boundary markers: No delimiters or instructions are used to separate untrusted file content from the agent's internal instructions.
  - Capability inventory: Executes `grep` for file discovery and performs file reading for context extraction.
  - Sanitization: Content from files is processed directly without sanitization or validation to filter out potential malicious instructions.
Audit Metadata