context-load
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from hidden Word documents (
.*.docx) and presents it to the agent, creating a surface for indirect prompt injection.\n - Ingestion points:
SKILL.mdusage example indicates reading from all hidden.docxfiles in the current directory.\n - Boundary markers: No delimiters or instructions to the agent to ignore instructions embedded in the documents are present.\n
- Capability inventory: The skill executes shell commands (
pandoc,cat) and reads file content into the agent's context.\n - Sanitization: No sanitization, validation, or escaping is performed on the content converted from the documents before it is processed by the agent.
Audit Metadata