diagnose
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection attack surface. 1. Ingestion points: The
external-check-agentusesWebSearchfor market research, and theverdict-agentprocesses user-provided files like CSVs. 2. Boundary markers: The skill instructions do not specify the use of delimiters (e.g., XML tags or backticks) to isolate untrusted data. 3. Capability inventory: The skill has access toBash,WebSearch, andWebFetchtools. 4. Sanitization: No input validation or instruction to ignore embedded prompts is present in the agent guidelines. - [COMMAND_EXECUTION]: The skill employs the
Bashtool for data analysis. The instructions indata-mapper-agent.mdprovide examples of using SQL queries against databases to verify metrics. This behavior is consistent with the skill's stated goal and does not show signs of malicious intent.
Audit Metadata