skill-composer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: By design, the skill's architecture exposes a surface for indirect prompt injection.
- Ingestion points: The skill processes untrusted input from the user (workflow goals) and the output data generated by other skills in the pipeline (e.g., web research or analysis results).
- Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from executing instructions that might be embedded within the data passed from one skill to the next.
- Capability inventory: The skill enables high-privilege tools, including Bash, Read, Write, and Edit, across the entire pipeline.
- Sanitization: The workflow model lacks built-in sanitization or validation logic to filter or escape potentially malicious instructions found in the data flow.
Audit Metadata