logs
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes application and job logs which are considered untrusted external data. Since the agent is instructed to summarize these logs and suggest fixes, it creates a surface for indirect prompt injection where content within the logs could attempt to influence agent behavior.\n
- Ingestion points: Application and job logs downloaded via the TrueFoundry API using the
tfy-api.shscript as defined inSKILL.md.\n - Boundary markers: The skill does not define specific delimiters or "ignore embedded instructions" warnings when presenting log content to the agent for analysis.\n
- Capability inventory: The agent has the ability to execute API calls via
tfy-api.shand may have access to other TrueFoundry skills for deployment or secret management in the same environment.\n - Sanitization: There is no mention of sanitizing, escaping, or filtering the log content before it is processed by the agent's summarization and debugging logic.
Audit Metadata