post-merge-voice-gate
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it analyzes
output/DRAFT.md, which contains content generated in previous automated steps. If this draft content contains malicious instructions, the agent may be influenced by them during analysis. - Ingestion points: The skill reads and processes
output/DRAFT.mdandoutline/transitions.mdwithin its analysis workflow. - Boundary markers: The role prompt in
SKILL.mddoes not specify clear delimiters (such as XML tags or unique markers) to separate the instructions from the data being analyzed, which is a common best practice for preventing injection. - Capability inventory: The skill has capabilities to read files (
read_text) and write reports to the local file system (atomic_write_text,write_quality_report). - Sanitization: The Python script provides a layer of deterministic sanitization by using regular expressions to match specific patterns, but the LLM-based role prompt does not incorporate validation or sanitization of its input.
Audit Metadata