search-first
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to ingest and 'adopt' content from external libraries, documentation, and local skill folders.
- Ingestion points: Workflow steps direct the agent to search local project files, user-level agent configuration directories (e.g.,
~/.claude/skills,~/.gemini/skills), and ecosystem sources. - Boundary markers: No explicit delimiters or instructions are provided to help the agent distinguish between data and potentially malicious embedded instructions in discovered files.
- Capability inventory: The agent utilizes file system search and read capabilities to evaluate and incorporate external logic.
- Sanitization: The skill does not specify any sanitization or validation requirements for content before it is processed or adopted by the agent.
Audit Metadata