feature-review
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill displays a surface for indirect prompt injection as it ingests untrusted data from specification files.\n
- Ingestion points: Content is read from a file path provided via the
argument-hintinSKILL.md.\n - Boundary markers: The instructions do not define delimiters to separate the specifications from the analysis guidelines.\n
- Capability inventory: The agent is restricted to text generation and analysis; no capabilities for file writing, network requests, or code execution are present.\n
- Sanitization: There are no specified mechanisms for validating or sanitizing the input data.
Audit Metadata