parametrize-and-cite

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as its primary function is to ingest and process untrusted external data (documents, READMEs, configurations, etc.).
  • Ingestion points: The skill accepts a wide variety of inputs including pitch decks, research reports, and configuration files (SKILL.md).
  • Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore instructions that may be embedded within the documents being processed.
  • Capability inventory: While the skill itself is markdown-based, it instructs the agent to generate multiple output files (.env.example, CITATIONS.md, TRANSFORMATION_LOG.md), which involves file-writing capabilities.
  • Sanitization: The instructions lack guidance on sanitizing or escaping content extracted from input documents before it is used in the final output or log files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 12:02 PM
Security Audit — agent-trust-hub — parametrize-and-cite