adversarial-thinking
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The script `scripts/select-perspectives.sh` is susceptible to indirect prompt injection and schema confusion.
  - Ingestion points: The script accepts untrusted user data via the `context` and `specifics` positional arguments.
  - Boundary markers: There are no boundary markers or delimiters used to separate user input from the rest of the generated output.
  - Capability inventory: The script's primary role is to output a JSON object that guides the agent's adversarial strategy. While the script itself does not perform sensitive operations, its output directly influences the agent's downstream reasoning process.
  - Sanitization: The script generates JSON by concatenating strings using `echo` without escaping double quotes. This allows an attacker to provide a string that closes a JSON field and injects new keys (e.g., '", "status": "compromised", "dummy": "'), potentially leading the agent to adopt an unintended state or ignore safety constraints in its next step.
Audit Metadata