systemic-ingestion-normalization
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the processing of untrusted legacy data during migration. Ingestion points: The skill ingests content from several user-controlled files including substrate-context.md, phase-1-landscape-report.md, phase-2-taxonomy-model.md, and phase-3-environment-spec.md, alongside the actual legacy data substrate. Boundary markers: The instructions do not define any delimiters or markers to isolate the legacy data or instruct the agent to ignore instructions embedded within that data. Capability inventory: The agent has access to powerful tools including Read, Write, Edit, Bash, Glob, and Grep to carry out the migration tasks. Sanitization: While the protocol mandates normalization and schema conformance, it lacks specific sanitization or filtering to prevent natural language instructions in the legacy data from influencing agent behavior.
Audit Metadata