extract-vault-protocol-logo
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected. The skill reads data from external/untrusted files and passes that data as input to another automated skill.
  - Ingestion points: Protocol-specific YAML files located in `eth_defi/data/vaults/metadata`.
  - Boundary markers: Absent. There are no instructions to the agent to sanitize or ignore instructions embedded within the YAML metadata or the resolved homepage links.
  - Capability inventory: File system read access, file system write access to `eth_defi/data/vaults/original_logos/`, and the ability to trigger the `extract-project-logo` skill.
  - Sanitization: None detected. The skill directly interpolates values from files into the next step's inputs.
- [DATA_EXPOSURE] (SAFE): The skill accesses local repository data (`eth_defi/data/vaults/metadata`) and writes to specific subdirectories. These actions are consistent with the stated primary purpose of maintaining protocol metadata and do not target sensitive user files or credentials.