influence-and-negotiation
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's workflow involves ingesting and analyzing untrusted data from multiple external channels, creating a surface for indirect prompt injection.
- Ingestion points: In
references/context-intake.md(Step 1 and Step 2), the agent is instructed to collect raw material from potentially attacker-controlled sources, including email threads, Slack messages, LinkedIn profiles, and general web search results. - Boundary markers: There are no explicit instructions or structural delimiters (e.g., specific tags or 'ignore' commands) to ensure the agent disregards instructions that might be embedded in the processed external content.
- Capability inventory: The skill possesses high-privilege capabilities, including file system access (
Read,Edit,Write) and the ability to delegate tasks to sub-agents (Agenttool). Malicious instructions embedded in external data could potentially abuse these tools. - Sanitization: The provided instructions do not include steps for validating, filtering, or escaping content retrieved from external sources before it is processed or stored in the local memory files.
Audit Metadata