llm-integration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill exposes a high-privilege attack surface by combining external data ingestion with tool execution.
  - Ingestion points: untrusted content is ingested via 'vectorDb.search' in the 'retrieveAndGenerate' function (SKILL.md).
  - Boundary markers: the implementation uses no delimiters or 'ignore embedded instructions' warnings when interpolating external context into prompts.
  - Capability inventory: the 'agentLoop' (SKILL.md) calls 'executeToolCall' to perform actions based on LLM responses, which may be influenced by injected instructions.
  - Sanitization: the code examples contain no sanitization or validation of LLM output, even though the text itself describes this as an anti-pattern.
- [External Downloads] (LOW): The skill references the '@anthropic-ai/sdk' package. This is classified as LOW severity because 'anthropics' is a trusted organization under the global trust-scope rules.
Recommendations
- AI detected serious security threats
Audit Metadata