NYC

document-chat-interface

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill possesses a significant attack surface for indirect prompt injection. It ingests untrusted data from multiple external sources and interpolates it directly into LLM prompts without sanitization or boundary markers.
  • Ingestion points: Data is ingested via extract_github_content, extract_web_content, extract_youtube_content, and extract_email_content in examples/document_processors.py.
  • Boundary markers: Absent. The generate_follow_up_questions function in examples/conversation_manager.py interpolates the first 500 characters of the context and response directly into a prompt template (Context: {context[:500]}) without using delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill performs network operations (requests to GitHub and web URLs) and file system reads (mailbox paths).
  • Sanitization: Absent. The preprocess_document function in examples/text_processor.py cleans whitespace and special characters but does not filter for malicious instructional content or escape characters that might break prompt structures.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:40 PM