agent-user-tools
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface where untrusted data could influence agent behavior.
- Ingestion points: Untrusted data enters the agent context through the
updatesobject inmcp__flow-nexus__user_update_profileand thecontentparameter inmcp__flow-nexus__storage_upload. - Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between its own system instructions and potentially malicious instructions embedded within user profiles or uploaded files.
- Capability inventory: The agent has the ability to write to storage buckets (
mcp__flow-nexus__storage_upload) and interact with other AI entities (mcp__flow-nexus__seraphina_chat), which could be leveraged if an injection is successful. - Sanitization: Absent. The skill documentation does not mention any validation, escaping, or sanitization of the data being processed or stored.
Audit Metadata