guv3-add-tool
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes a template for creating tools that ingest untrusted data from an LLM context, which constitutes an indirect prompt injection attack surface.
- Ingestion points: The `your_tool_name` function template in `SKILL.md` accepts parameters (e.g., `param1`, `param2`) that are populated by the LLM based on user input.
- Boundary markers: The provided code examples do not include boundary markers or delimiters (such as XML tags or triple quotes) to isolate user-provided data from tool logic.
- Capability inventory: The skill outlines significant capabilities including database modifications (`update_one`, `insert_one` in `gu/db/connections/mongo`) and communication actions (`send_whatsapp_message`, `send_notification_to_owner` in `gu/core/notification_functions`).
- Sanitization: The templates demonstrate basic error handling and type checking via Pydantic schemas, but do not provide examples of content sanitization or instruction filtering for the ingested data.
Audit Metadata