idea-consultant
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to indirect prompt injection via untrusted user input files.
  - Ingestion points: SKILL.md Phase 1 instructs the agent to read user-provided files or descriptions.
  - Boundary markers: None; the prompt does not define boundaries for the input data, making it likely for the agent to conflate input data with instructions.
  - Capability inventory: The skill writes multiple files to the local environment and spawns subagents via the Task tool to create content.
  - Sanitization: No sanitization or validation logic exists for the input content.