design-study
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: This skill exposes an indirect prompt injection attack surface because it processes untrusted research data while holding high-privilege tool access.
- Ingestion points: In SKILL.md, Phase 1 (Reconstruct the study) instructs the agent to extract information from untrusted external sources like protocols, drafts, slides, and tables.
- Boundary markers: The instructions specify no delimiters or safety prompts that would stop the agent from following instructions embedded in the ingested research materials.
- Capability inventory: The skill is configured with powerful system tools (Bash, Write, Edit, Read, Grep, and Glob) that could be misused if an attacker hides malicious instructions in a research draft.
- Sanitization: No sanitization, validation, or escaping of the ingested research content is described in the workflow.
- Remediation: Implement strict boundary markers (e.g., XML tags) around untrusted data and include explicit instructions for the agent to ignore any embedded directives within those sections.
Audit Metadata