incident-response-incident-response
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by interpolating untrusted incident data into prompts for powerful subagents.\n
- Ingestion points: The
$ARGUMENTSvariable inSKILL.mdis used to ingest external data from incident alerts and monitoring systems.\n - Boundary markers: The skill does not employ explicit delimiters (such as XML tags or triple quotes) or 'ignore embedded instructions' warnings when passing
$ARGUMENTSto subagents, which could lead to the subagents misinterpreting data as instructions.\n - Capability inventory: The workflow triggers subagents with high-impact roles, including
deployment-strategies::deployment-engineer(executing emergency deployments),backend-development::backend-architect(implementing production fixes), andsecurity-scanning::security-auditor.\n - Sanitization: No input validation, escaping, or sanitization logic is specified to filter the content of
$ARGUMENTSbefore it enters the agent context.
Audit Metadata