content-model
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted user input during the content modeling discovery phase.
  - Ingestion points: The agent gathers business requirements and content needs through a series of discovery questions defined in SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the user's answers strictly as data or to ignore any embedded instructions within that content.
  - Capability inventory: The skill instructs the agent to use these requirements to generate a structured mass operations JSON file and then validate it using the build-mass-operation MCP tool. This combination of processing untrusted input and generating platform configuration payloads creates a potential injection surface.
  - Sanitization: The instructions lack guidance on sanitizing or escaping the user-provided content before it is interpolated into the generated JSON schema definitions.
Audit Metadata