whizz-mind
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns were detected. The skill is designed for searching and retrieving documents to answer user queries using a well-defined workflow.
- [PROMPT_INJECTION]: The skill processes untrusted data from a knowledge base, which creates a surface for indirect prompt injection. This risk is inherent to RAG-based systems and is assessed as a low-severity finding.
  - Ingestion points: External data enters the context via document content retrieval in the `whizz-mind-get-document` and `whizz-mind-get-only-content-document` tools defined in SKILL.md.
  - Boundary markers: There are no explicit delimiters or specific instructions to the agent to treat retrieved document content as untrusted data or to ignore instructions embedded within it.
  - Capability inventory: The skill possesses capabilities to modify the knowledge base through `whizz-mind-add-document` and `whizz-mind-add-comment`, which could be triggered by instructions embedded in retrieved content.
  - Sanitization: The skill does not implement sanitization or validation for content fetched from the knowledge base.
Audit Metadata