adaptive-prose
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an inherent vulnerability to indirect prompt injection as it is designed to ingest and process user-supplied source material for redrafting purposes.\n
- Ingestion points: Untrusted data enters the agent context through the 'source text' and 'notes' inputs as specified in the preflight workflow (
references/step-0-preflight-workflow.md).\n - Boundary markers: There are no explicit delimiters or specific 'ignore embedded instructions' warnings provided in the drafting steps to isolate user content from the core logic.\n
- Capability inventory: The skill contains instructions to write processed content to the filesystem under the
@ARTIFACT_ROOTdirectory in the finalization workflow (references/step-4-finalize-output-workflow.md).\n - Sanitization: The workflow does not include any explicit steps for sanitizing, escaping, or validating the external text content before it is incorporated into the drafting process.
Audit Metadata