eval-guidance-actionability
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface.
- Ingestion points: The skill ingests 'assistant response text' in SKILL.md for evaluation.
- Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions for the untrusted input.
- Capability inventory: None. The skill has no access to shell, file system, or network tools; it only generates JSON text.
- Sanitization: No sanitization or validation of the input text is implemented.
- Note: While an attacker could potentially manipulate the score or rationale in the resulting JSON, the lack of tool-use capabilities prevents any high-severity impact.
Audit Metadata