recipe-diagnose
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by interpolating untrusted user input ($ARGUMENTS) into the prompts of several sub-agents without using boundary markers or sanitization logic.
  - Ingestion points: User-provided problem descriptions enter via the $ARGUMENTS variable in SKILL.md.
  - Boundary markers: The skill lacks explicit delimiters (such as XML tags or triple backticks) or specific instructions to ignore embedded commands when passing the user's problem description to the rule-advisor, investigator, and other sub-agents.
  - Capability inventory: The orchestrator has the capability to invoke multiple specialized sub-agents via the Agent tool to process data and generate solutions.
  - Sanitization: There is no evidence of input validation, escaping, or filtering of the user-provided text before it is interpolated into sub-agent prompts.