validation-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core functionality of reading and processing external documents. The skill reads user-specified target documents in Step 1 using the Read tool, which serves as an ingestion point for untrusted data. There are no explicit boundary markers or delimiters described in the instructions to isolate the document content or warn the agent to treat it as data rather than instructions. The skill has capabilities including the memory store tool and the execution of a validation pipeline helper script, which could be targeted by instructions embedded within a processed document. No sanitization, filtering, or validation of the input text is performed before it is passed to the analysis and scoring phases.
Audit Metadata