import-pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill creates a data-to-action pipeline that can be targeted by indirect injection. Evidence:
  1. Ingestion points: Step 1 uses the Read tool to load the SKILL.md file from a template-derived path.
  2. Boundary markers: The instructions lack explicit delimiters or instructions to ignore embedded commands in the read content.
  3. Capability inventory: Step 3 invokes the Write tool to create .robot and .md files in the workspace.
  4. Sanitization: There is no specification for escaping or validating the content before file creation.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths were identified. File operations are limited to the local project workspace.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No remote scripts are downloaded or executed, and no external package managers (npm, pip) are invoked.