c2
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-provided research questions and constraints into its prompts without explicit delimiters or sanitization instructions.
- Ingestion points: Untrusted data enters via the
{research_question},{resources}, and{constraints}placeholders in the prompt template withinSKILL.md. - Boundary markers: Absent; the user input is directly embedded into the expert instructions.
- Capability inventory: The skill uses tools/commands to read configuration files (
config/diverga-config.json) and update decision logs (.research/decision-log.yaml). - Sanitization: No evidence of input validation or escaping for the interpolated user content.
Audit Metadata