kb-guide
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions establish a surface for indirect prompt injection.
  - Ingestion points: Content is retrieved from external knowledge base documents via tools such as search_documents, get_document, and read_page (SKILL.md).
  - Boundary markers: The instructions do not define delimiters or specific safety instructions to isolate or ignore potentially malicious content within the retrieved documents.
  - Capability inventory: The agent is granted capabilities to modify the knowledge base (create_document, update_document), which could be exploited if malicious instructions in a document are executed.
  - Sanitization: There is no mention of sanitizing or validating document content before it is processed or presented.
Audit Metadata