diagnose

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection attack surface. 1. Ingestion points: The external-check-agent uses WebSearch for market research, and the verdict-agent processes user-provided files like CSVs. 2. Boundary markers: The skill instructions do not specify the use of delimiters (e.g., XML tags or backticks) to isolate untrusted data. 3. Capability inventory: The skill has access to Bash, WebSearch, and WebFetch tools. 4. Sanitization: No input validation or instruction to ignore embedded prompts is present in the agent guidelines.
  • [COMMAND_EXECUTION]: The skill employs the Bash tool for data analysis. The instructions in data-mapper-agent.md provide examples of using SQL queries against databases to verify metrics. This behavior is consistent with the skill's stated goal and does not show signs of malicious intent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:04 PM
Security Audit — agent-trust-hub — diagnose