recipe-diagnose
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input by interpolating it directly into prompts for sub-agents such as the 'investigator' and 'rule-advisor'. There are no explicit boundary markers or sanitization steps to prevent the user input from overriding the sub-agents' instructions.
  - Ingestion points: The 'Problem reported by user' is ingested in Step 0.3 and Step 1 prompts.
  - Boundary markers: No delimiters or safety instructions (e.g., XML tags or triple quotes) are used to isolate the user-provided phenomenon description from the agent's system instructions.
  - Capability inventory: The skill can invoke sub-agents using the Task tool and interact with the user via the AskUserQuestion tool. It does not possess direct file system or network access.
  - Sanitization: No input validation, escaping, or filtering is performed on the user-provided data before interpolation.
Audit Metadata