dial-your-context

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from Sanity datasets to verify instructions and query patterns.
      • Ingestion points: Data is ingested through GROQ query results during the 'Explore & Verify' stage (Step 4).
      • Boundary markers: The skill does not define specific boundary markers or instruction-ignoring delimiters for the retrieved dataset content.
      • Capability inventory: The agent can write to Sanity documents and perform network requests via the Sanity MCP endpoint if write access is granted.
      • Sanitization: There is no evidence of content sanitization or validation for the data retrieved from the external dataset before it is processed by the agent.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill explicitly requests high-privilege Sanity write tokens or OAuth access to automate the creation and modification of context documents.
      • Credential handling: While no credentials are hardcoded, the skill encourages the input of sensitive API tokens to enable 'Path A' functionality.
      • Network operations: It constructs URLs containing encoded instructions and filters, which are sent to the Sanity API. This is consistent with the vendor's (sanity-io) intended service usage.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 12:14 PM