Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it interpolates untrusted data directly into its instructions.
- Ingestion points: The
$ARGUMENTSvariable inSKILL.mdaccepts external content to be transformed. - Boundary markers: Absent. The input is placed directly after the 'INPUT:' label without delimiters (e.g., XML tags or triple backticks) to separate instructions from data.
- Capability inventory: Display only. The skill generates text for the user and does not possess capabilities for network access, file system modification, or command execution.
- Sanitization: None detected. The agent relies on internal safety filters to handle malicious content in the input.
Audit Metadata