structured-output
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted external data such as product reviews, emails, and invoice text to be passed to an LLM. This design pattern creates a surface for indirect prompt injection where malicious instructions embedded in the source data could attempt to manipulate the structured output or influence the agent's behavior.
  - Ingestion points: Methods like analyzeReview(review), extractEvent(text), analyze_email(email_text), and structuredLLM(..., prompt) accept raw string inputs from potentially untrusted sources (found in SKILL.md).
  - Boundary markers: Example code does not implement delimiters (e.g., triple quotes, XML tags) or explicit instructions to ignore embedded commands within the processed data.
  - Capability inventory: The skill utilizes OpenAI and Anthropic APIs to extract and transform unstructured text into structured JSON models (found in SKILL.md).
  - Sanitization: The provided strategies do not include input sanitization or filtering logic to detect or neutralize instructions before they are interpolated into the system or user prompts.
Audit Metadata