improve
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted user-provided content without explicit isolation or sanitization.
- Ingestion points: The 'Receive' phase in SKILL.md accepts external content ('existing work') as the basis for improvement.
- Boundary markers: The instructions do not define delimiters or specific 'ignore' directives to separate user data from the agent's improvement instructions.
- Capability inventory: The agent generates and modifies content based on user input, creating a surface where embedded instructions could influence output.
- Sanitization: No input validation or filtering is performed on the data being processed.
Audit Metadata