agents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill demonstrates patterns where untrusted user input is interpolated directly into LLM prompts without explicit boundary markers or sanitization, which creates a surface for indirect prompt injection.
  - Ingestion points: Variables such as text (in translateCopy), question (in routeQuestion), and article (in factChecker) in SKILL.md are passed directly from input to the LLM.
  - Boundary markers: Absent; the code snippets show variables being placed directly into template strings without delimiters like XML tags or specific 'ignore instructions' warnings.
  - Capability inventory: The tasks utilize the Vercel AI SDK to call external AI models and Trigger.dev's SDK to coordinate background tasks and parallel workers.
  - Sanitization: No input validation or escaping mechanisms are shown in the example patterns.
Audit Metadata