
chip-manual

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The script scripts/query_manual.py is vulnerable to indirect prompt injection. User-supplied input from the question argument is interpolated directly into the system prompt sent to the Gemini API via f-strings. A user can therefore bypass the established 'Strict Rules' in that prompt and steer the behavior of the chip manual query assistant.
  • Ingestion points: The question command-line argument in scripts/query_manual.py.
  • Boundary markers: The manual content is delimited, but the user-provided question is appended after a plain label with no escaping or isolation from the surrounding instructions.
  • Capability inventory: The skill environment has access to powerful tools including Read, Write, Edit, and Bash. The query script itself performs network requests to the Gemini API.
  • Sanitization: No input validation, escaping, or sanitization is performed on the user's question before it is used to construct the prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 03:42 AM