agent-user-tools
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the handling of user-controllable data.
  - Ingestion points: Data enters through the 'updates' object in 'user_update_profile' and the 'content' field in 'storage_upload' within SKILL.md.
  - Boundary markers: The prompt lacks delimiters or specific instructions to ignore embedded instructions in user data.
  - Capability inventory: The agent has the ability to write data to private and public storage buckets and initiate consultations with other agentic components.
  - Sanitization: No sanitization, validation, or escaping of user-provided content is defined in the skill instructions.