content-finalize-article
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external article content through file paths, creating an indirect prompt injection surface. An attacker could embed instructions within an article to manipulate the agent's behavior during the link-addition or fact-checking tasks.
- Ingestion points: Content is read from a user-specified file path ([article path]) and passed to sub-skills.
- Boundary markers: The skill does not use delimiters or explicit instructions to treat the article content as data rather than instructions.
- Capability inventory: The skill uses tools for reading and searching (Read, Glob, Grep) and invokes other skills that have the capability to modify local files.
- Sanitization: There is no validation or sanitization of the input file content before processing.
Audit Metadata