cost-aware-llm-pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill processes untrusted input and sends it to an external LLM API, creating an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters via the `text` parameter in the `process` function and the `user_input` variable in messages (SKILL.md).
  - Boundary markers: Absent; no delimiters or explicit instructions are provided to the model to ignore embedded commands.
  - Capability inventory: The skill facilitates network communication via `client.messages.create` to the Anthropic API.
  - Sanitization: No input sanitization or validation logic is present in the code snippets.
  - Note: Severity is set to LOW per [TRUST-SCOPE-RULE] because the exfiltration capability is limited to a trusted API provider (Anthropic).
Audit Metadata