summarization
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its core functionality of processing untrusted external data.
- Ingestion points: The skill explicitly uses the
Readtool for local files/directories and theWebFetchtool for arbitrary remote URLs provided by users. - Boundary markers: The workflow lacks instructions to use boundary markers (like XML tags or delimiters) or explicit 'ignore embedded instructions' warnings when processing retrieved content.
- Capability inventory: The agent is granted capabilities to perform file system discovery (
Glob), file reading (Read), and network retrieval (WebFetch). - Sanitization: No sanitization, validation, or escaping logic is defined for the content before it is interpolated into the summarization prompt.
- [NO_CODE]: This skill contains no executable scripts (Python, JavaScript, etc.) or binary files. It consists entirely of markdown-based instructions for the AI agent.
Audit Metadata