text-truncator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted external text and file content without sanitization or boundary markers.
- Ingestion points: The
truncate_textfunction inscripts/text_truncator.pyaccepts raw strings, andtruncate_text_from_fileaccepts file paths. - Boundary markers: Absent. The skill does not implement delimiters or 'ignore' instructions for the data it processes.
- Capability inventory: The script has the ability to read local files via
open(). While it cannot write or execute commands, the output is returned to the agent context. - Sanitization: None. The text is truncated purely based on length and punctuation.
- [Data Exposure & Exfiltration] (MEDIUM): The
truncate_text_from_filemethod inscripts/text_truncator.pyallows reading any file on the system that the agent process has permissions for. - Evidence: Line 139 in
scripts/text_truncator.py:with open(file_path, 'r', encoding=encoding) as f:. - Risk: If an agent is manipulated via prompt injection to provide sensitive paths (e.g., SSH keys or environment files) to this tool, the content will be exposed within the agent's reasoning chain or conversation history.
Audit Metadata