help-center-article-generator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is specifically designed to ingest and process untrusted external data as its primary function.
- Ingestion points: The skill processes support ticket exports (CSV/lists), internal feature documentation, and content from external URLs (SKILL.md).
- Boundary markers: The instructions lack explicit delimiters or guidance for the agent to ignore embedded instructions within the processed source data, which could lead the agent to follow malicious commands hidden in tickets or documentation.
- Capability inventory: Although labeled as a 'pure reasoning' skill, it directs the agent to perform file system operations (writing .md files and creating directories) and potentially fetch external content via URLs.
- Sanitization: There are no instructions for the agent to sanitize, validate, or escape the content of the external source data before using it to generate the final articles.
Audit Metadata