grouchygiraffe-recipe-lookup
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from local YAML files and image thumbnails which could contain instructions to override the agent's behavior.
- Ingestion points: Reads uploader, handle, and description from `.yaml` files, and recipe names from `_thumb.jpg` images using vision capabilities (SKILL.md, Steps 2 & 3).
- Boundary markers: Absent. There are no delimiters or warnings to ignore instructions within the processed files.
- Capability inventory: The agent has access to file reading, `WebSearch`, and `WebFetch` tools (SKILL.md, Steps 2, 4, 5).
- Sanitization: Absent. Extracted strings are used directly in subsequent steps without validation.
- [DATA_EXFILTRATION]: Data extracted from local files is sent to external web services.
- Evidence: The skill extracts authors' names, handles, and recipe titles from local files and uses them as search queries in `WebSearch`, effectively sending local metadata to a third-party search engine (SKILL.md, Steps 4 & 5).