incident-response
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, NO_CODE)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill design exhibits a high-risk attack surface for indirect prompt injection by combining data ingestion with exploitable capabilities.
  - Ingestion points: External content enters the agent context through IncidentTimeline.add_event (description/source fields), LessonsLearned.set_summary, and Incident.add_action as documented in SKILL.md.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the usage examples or documentation.
  - Capability inventory: The skill includes IncidentTimeline.export_csv(filepath), which allows the agent to write data to the file system, and report generation methods that produce structured text for downstream use.
  - Sanitization: There is no evidence of input validation, escaping, or filtering of external content before it is processed or stored.
- NO_CODE (LOW): The referenced implementation script ir_utils.py is not included in the skill package, which limits the analysis to the provided interface documentation.
Recommendations
- AI detected serious security threats
Audit Metadata