generating-glossaries-and-definitions
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process data from external sources such as 'Product documentation', 'Customer support tickets', and 'Competitor glossaries' (Step 1).
  - Ingestion points: SKILL.md Step 1 identifies documentation, tickets, and search queries as input sources.
  - Boundary markers: No specific delimiters or 'ignore embedded instructions' markers are defined for the imported text.
  - Capability inventory: The skill only performs text generation and formatting. It does not contain any code (Python/Node.js), subprocess calls, file-write operations to the system, or network requests.
  - Sanitization: None present; however, the lack of high-privilege capabilities (execution/network) limits the impact to the quality of the generated glossary text itself.
Audit Metadata