learnings-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes data from external documentation files which could contain hidden instructions.
  - Ingestion points: Files retrieved from the `docs/solutions/` directory and its subdirectories, as well as `docs/solutions/patterns/critical-patterns.md`.
  - Boundary markers: Absent; there are no clear delimiters or instructions provided to the agent to disregard potential commands found within the documentation content.
  - Capability inventory: The skill utilizes `Grep` and `Read` tools to search for and extract information from local files.
  - Sanitization: Absent; the content retrieved from the files is distilled into summaries without any form of escaping or validation to prevent the execution of embedded instructions.