q-topic-finetuning
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The `scripts/classify_outliers.py` script is susceptible to indirect prompt injection during document reclassification.
  - Ingestion points: Untrusted content is read from the 'text' column of the input Excel file and processed by the agent in `scripts/classify_outliers.py`.
  - Boundary markers: The script employs minimal delimiters ("Document:\n") to demarcate document text, which may fail to prevent the LLM from executing instructions hidden within the input data.
  - Capability inventory: The script's operational scope is limited to writing classification results (Topic, Confidence, and Key Phrases) to an Excel file (`output_with_outliers.xlsx`); it does not possess the capability to execute system commands or perform arbitrary network operations.
  - Sanitization: No sanitization, validation, or escaping of the ingested document text is implemented before its interpolation into the prompt template.
- [DATA_EXFILTRATION]: The `scripts/classify_outliers.py` script transmits document content to the Google Gemini API for classification. This utilizes the official GenAI SDK to interact with a well-known service for the skill's primary function and does not involve the transfer of sensitive local files.
Audit Metadata