parametrize-and-cite
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as its primary function is to ingest and process untrusted external data (documents, READMEs, configurations, etc.).
- Ingestion points: The skill accepts a wide variety of inputs including pitch decks, research reports, and configuration files (SKILL.md).
- Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore instructions that may be embedded within the documents being processed.
- Capability inventory: While the skill itself is markdown-based, it instructs the agent to generate multiple output files (
.env.example,CITATIONS.md,TRANSFORMATION_LOG.md), which involves file-writing capabilities. - Sanitization: The instructions lack guidance on sanitizing or escaping content extracted from input documents before it is used in the final output or log files.
Audit Metadata