planar-binding
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to ingest and process data from external entities like third-party APIs and agents, which creates a surface for indirect prompt injection.
- Ingestion points: External APIs, cloud services, and third-party agents (SKILL.md).
- Boundary markers: The procedure suggests defining 'no-touch boundaries' and a 'scope of access', providing conceptual guidance but lacking instructions for technical delimiters or input isolation.
- Capability inventory: No tool usage or code execution is defined within the skill's own files, relying on the agent's general environment capabilities.
- Sanitization: The skill lacks explicit instructions for sanitizing or escaping content retrieved from external entities before processing it.
- [NO_CODE]: The skill consists entirely of markdown instructions and YAML configuration; it does not include any scripts, binaries, or executable code files.
Audit Metadata