council
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates raw user input from $ARGUMENTS directly into the prompts for sub-agents in SKILL.md.
  - Ingestion points: User-provided questions enter the system through $ARGUMENTS in SKILL.md.
  - Boundary markers: The user input is wrapped in double quotes in the sub-agent prompt template (SKILL.md Step 4), but the sub-agent is given no instruction to treat the quoted content as untrusted or to ignore it as a source of instructions.
  - Capability inventory: Sub-agents are explicitly granted access to the Read, Glob, and Grep tools and are instructed to investigate the codebase (SKILL.md Step 4). A malicious user could craft a question that directs sub-agents to search for and expose sensitive configuration files or credentials.
  - Sanitization: No sanitization, validation, or escaping is performed on the user-provided question before it is passed to the sub-agents.
Audit Metadata