competing-hypotheses

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests untrusted data from user input, source code, and logs during its hypothesize and investigation phases. This data is subsequently interpolated into the prompts of sub-agents (investigators) spawned via the Task tool.
      • Ingestion points: User-provided problem descriptions, codebase exploration, and log analysis.
      • Boundary markers: There are no explicit instructions to use delimiters or "ignore" directives to isolate untrusted content from system instructions in sub-agent prompts.
      • Capability inventory: The lead investigator and sub-agents utilize tools like Task, TeamCreate, and SendMessage, with Phase 4 allowing for file modifications.
      • Sanitization: No sanitization or validation mechanisms are defined for the data before it is passed to sub-agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 11:32 AM