review-context
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests and processes untrusted content provided by the user, establishing an attack surface for indirect prompt injection.
  - Ingestion points: Content is retrieved via the `Read`, `Glob`, and `Grep` tools based on the `$ARGUMENTS` parameter as defined in the `SKILL.md` workflow.
  - Boundary markers: The instructions do not specify any explicit delimiters or "ignore previous instructions" directives to isolate the content being analyzed from the agent's internal logic.
  - Capability inventory: The skill is strictly limited to read-only tools (`Read`, `Glob`, `Grep`) and lacks any capability for executing code (e.g., shell or python), modifying files, or accessing the network.
  - Sanitization: No explicit sanitization or filtering logic is implemented to detect or strip malicious instructions that might be embedded in the user-provided code or documents.
Audit Metadata