merge-all
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill identifies and merges content from multiple markdown files specified in a list, creating a surface where malicious instructions in those files could influence the agent during the subsequent 'polishing' phase. * Ingestion points: node-list.txt and various .md files in the workspace. * Boundary markers: The script inserts markdown horizontal rules (---) and headers between content blocks. * Capability inventory: The script merge_documents.py performs file reads, directory traversal (glob), and file writes. * Sanitization: No sanitization or safety-filtering is applied to the content of the markdown files before or after merging.
Audit Metadata