deslop
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to process arbitrary content from untrusted sources.
- Ingestion points:
SKILL.mdidentifies inline text, file paths, and URLs as input sources for auditing. - Boundary markers: The instructions do not prescribe the use of delimiters (e.g., XML tags) to isolate untrusted user content from the skill's operational instructions.
- Capability inventory: The skill utilizes the agent's ability to read local files and fetch remote URL content.
- Sanitization: No input validation or sanitization steps are defined to mitigate the risk of malicious instructions embedded in the audited text.
- [DATA_EXFILTRATION]: The skill facilitates network operations by fetching content from arbitrary URLs provided by the user (
SKILL.md). This capability allows the agent to interact with non-whitelisted domains, which could be exploited for data exfiltration or SSRF if the execution environment is not sufficiently restricted. - [NO_CODE]: The skill consists entirely of Markdown instructions and reference documentation. No scripts or executable binaries are included.
Audit Metadata