altium-validation
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to ingest and analyze data from various project files (documentation, source code) without using boundary markers or delimiters. Maliciously crafted content within these files could potentially hijack the agent's context and influence its behavior.
- Ingestion points: Documentation directories (
docs/dxp/,docs/schlib/,docs/schdoc/,docs/pcblib/), the decompiled Altium C# source code (AD26-dotnet/), and the skill's own implementation code (crates/altium-format-types/src/). - Boundary markers: Absent. The agent is directed to read and cross-reference the files without instructions to ignore embedded commands.
- Capability inventory: The skill leverages file reading, searching with grep, and mentions the use of tools like ghidra-cli for binary analysis.
- Sanitization: Absent. There are no instructions to sanitize or validate the content of the ingested files.
- [PROMPT_INJECTION]: The skill instructions end with an unprotected
$ARGUMENTSplaceholder. This allows user input to be appended directly to the agent's instructions without isolation, providing a vector for direct prompt injection to override the skill's logic or bypass safety guidelines.
Audit Metadata