large-report-editor
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Risk Surface. The skill is designed to ingest and edit large research reports, creating a surface where malicious instructions embedded in documents could influence the agent to perform unauthorized filesystem operations.
  - Ingestion points: Document files are read from the local filesystem during the editing workflow.
  - Boundary markers: Prompt templates lack explicit delimiters to isolate the document content from agent instructions.
  - Capability inventory: The skill possesses file read and write capabilities (surgical patches).
  - Sanitization: No input validation or sanitization of document content is described.
- [PROMPT_INJECTION]: Self-Referential Analysis. The inclusion of skill-report.json with a pre-authored security audit that claims the skill is safe and dismisses potential flags is a self-referential pattern used to interfere with automated security evaluations.
- [PROMPT_INJECTION]: Metadata Inconsistency. There is a mismatch between the author stated in the skill's metadata ('ACSKamloops') and the author provided in the analysis context ('aiskillstore'), which can be used to mask the skill's true source.
Audit Metadata