Skills
skills/yonatangross/orchestkit/add-golden/Gen Agent Trust Hub

add-golden

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to fetch and process external content from URLs, creating a high-risk surface for indirect prompt injection.
  • Ingestion points: Phase 1 and 2 in SKILL.md describe fetching and extracting content from user-provided URLs.
  • Boundary markers: No explicit markers (e.g., XML tags or delimiters) or instructions to ignore embedded commands are used to isolate the fetched content from the agent's logic.
  • Capability inventory: The skill uses TaskCreate, Write, and Edit tools. This allows malicious instructions embedded in fetched articles to potentially manipulate the workflow, influence subsequent agents, or corrupt the target dataset.
  • Sanitization: While SKILL.md Phase 7 mentions URL and schema validation, there is no evidence of sanitization to prevent the agents from obeying instructions contained within the document text.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:31 AM