fact-check
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted data from external sources and generated content.
- Ingestion points: The skill ingests 'generated content' and 'external sources' during its Phase 1 (Extraction) and Phase 3 (Source Verification).
- Boundary markers: The instructions lack explicit delimiters (e.g., XML tags or triple quotes) to separate the untrusted data from the verification instructions, increasing the risk that the agent might follow instructions embedded in the text being checked.
- Capability inventory: The skill has the capability to read from and write to project files, including 'context/output-config.md' and the '.fact-check-output.md' file, as well as creating new output files in user-specified directories.
- Sanitization: There is no mention of sanitizing the input data or validating the file names generated from the content, which could lead to path traversal if not handled carefully by the underlying agent.
Audit Metadata