stepback
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from conversation history and local files to generate its findings, which creates a surface for indirect prompt injection.
  - Ingestion points: Conversation history and file system via Read, Grep, and Glob tools.
  - Boundary markers: No delimiters or isolation instructions are defined for the processed data.
  - Capability inventory: Tools are limited to data retrieval; code execution and agent recursion are strictly forbidden.
  - Sanitization: No input validation or sanitization is mentioned.