debate
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill identifies multiple points where untrusted external data enters the agent context and is used alongside sensitive file-writing tools.
  - Ingestion points: Parameters such as 'topic' in CREATE-DEBATE, 'argument' in ADD-SIDE, and 'point' in ARGUE (documented in CARD.yml).
  - Boundary markers: Absent. There are no delimiters or instructions provided to isolate processed text from agent instructions.
  - Capability inventory: The skill requires and uses read_file and write_file tools to maintain debate state and generate transcripts (CARD.yml).
  - Sanitization: Absent. There is no evidence of validation, escaping, or filtering of the inputs before they are processed or written to disk.
- [Self-Referential Metadata] (LOW): The file skill-snitch-report.md contains a pre-authored 'Verdict: APPROVE' and a 'LOW' risk assessment. Following the 'GLOBAL RULE', these claims are treated as data to be evaluated rather than authoritative conclusions.
Recommendations
- AI detected serious security threats
Audit Metadata