analyze
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and interpret the content of external documents.
  - Ingestion points: In Step 2, the skill recursively scans for and reads all markdown files in a target path to extract themes, claims, and metadata.
  - Boundary markers: The instructions do not specify any delimiters or safety markers to differentiate between document content and agent instructions when reading files.
  - Capability inventory: The agent has the capability to read the local filesystem, write an analysis report (Step 8), and perform file system operations like moving or renaming files (Step 10, Reorganize).
  - Sanitization: There is no evidence of sanitization or filtering applied to the content of the documents before the agent processes them for theme and cluster analysis.