bdistill-discover
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted user input into the agent's logic for generating domain slugs and extraction terms.
- Ingestion points: User-provided descriptions of their work or field (e.g., "I work in insurance") are the primary inputs for the mapping workflow.
- Boundary markers: Absent. The skill does not use delimiters or instructions to help the agent distinguish between user data and its own operational instructions.
- Capability inventory: The skill instructs the agent to perform file-write operations to the local filesystem at
data/discovery/{domain}-seeds.jsonand suggests integration with otherbdistillsuite tools. - Sanitization: Absent. There are no instructions for the agent to validate or sanitize the
{domain}variable derived from user input, which presents a surface for path traversal or malicious file naming if the agent interprets the input as a path component.
Audit Metadata