multi-lens-quorum
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative directives to override default agent behavior for specific domain-related queries.
- Evidence: The skill description in the frontmatter instructs the agent to "ALWAYS use for any investment or trading advice" and specifies a list of keywords for "Auto-trigger".
- [PROMPT_INJECTION]: The sub-agent orchestration template introduces a risk of indirect prompt injection by interpolating untrusted data without structural boundaries.
- Ingestion points: The "SHARED FACTS" and "THE ONE QUESTION" blocks in the "Subagent prompt template" section of SKILL.md.
- Boundary markers: The template uses text placeholders but lacks explicit system-level delimiters (such as XML tags or triple backticks) with instructions to treat the interpolated content strictly as passive data.
- Capability inventory: Sub-agents are instructed to read local filesystem contents (SKILL.md and reference files) based on the provided lens paths.
- Sanitization: No evidence of input validation or sanitization is present in the orchestration logic to handle malicious input within the facts or question blocks.
Audit Metadata