slr-prisma
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and extract information from untrusted user-uploaded documents such as protocols, manuscripts, and data extraction spreadsheets. Malicious instructions embedded in these documents could potentially influence the agent's behavior during the drafting phase.
- Ingestion points: Documents uploaded in .docx, .pdf, .xlsx, or spreadsheet formats (SKILL.md).
- Boundary markers: The instructions do not define specific delimiters or "ignore" instructions when processing the content of these external files.
- Capability inventory: The skill utilizes web_search for reference verification and executes a local Python validation script (SKILL.md).
- Sanitization: No explicit sanitization or input validation logic is described for the content extracted from uploaded documents.
- [COMMAND_EXECUTION]: The skill instructions specify the execution of a local script, python scripts/office/validate.py, to validate generated Word documents before presenting them to the user (SKILL.md). This is a standard internal validation procedure.
Audit Metadata