managing-sources
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents 'Playbooks', which allow users to save persistent instructions ('Agent notes') that are automatically loaded into the agent's context when working with a specific organization. This creates a surface for indirect prompt injection where a user or an external source could influence the agent's behavior in future sessions.
- Ingestion points: Playbook 'Agent notes' section defined in SKILL.md and managed via the 'manage_playbook' tool.
- Boundary markers: None specified; notes are described as free-form markdown that overrides general rules.
- Capability inventory: The agent has access to administrative tools including 'manage_source', 'manage_org', 'manage_product', and the 'releases' CLI for fetching and modifying remote data.
- Sanitization: No sanitization or validation of the markdown note content is mentioned before it is interpolated into the agent context.
Audit Metadata