systemic-ingestion-normalization

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the processing of untrusted legacy data during migration. Ingestion points: The skill ingests content from several user-controlled files including substrate-context.md, phase-1-landscape-report.md, phase-2-taxonomy-model.md, and phase-3-environment-spec.md, alongside the actual legacy data substrate. Boundary markers: The instructions do not define any delimiters or markers to isolate the legacy data or instruct the agent to ignore instructions embedded within that data. Capability inventory: The agent has access to powerful tools including Read, Write, Edit, Bash, Glob, and Grep to carry out the migration tasks. Sanitization: While the protocol mandates normalization and schema conformance, it lacks specific sanitization or filtering to prevent natural language instructions in the legacy data from influencing agent behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 12:03 PM
Security Audit — agent-trust-hub — systemic-ingestion-normalization