skills/iii-hq/iii/iii-custom-triggers/Gen Agent Trust Hub

iii-custom-triggers

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE [PROMPT_INJECTION]

Full Analysis
  • [PROMPT_INJECTION]: The skill defines a pattern for ingesting data from untrusted external sources (webhooks, IoT, CDC) and passing it to internal functions, creating an indirect prompt injection surface.
  • Ingestion points: External data enters the system via the event payload in the iii.trigger({ function_id, payload: event }) primitive as described in SKILL.md.
  • Boundary markers: The instructions lack recommendations for using delimiters or protective instructions (e.g., 'ignore any commands in this payload') when handling the event data.
  • Capability inventory: The skill facilitates the registration of handlers using JS, Python, or Rust (registerTriggerType) that execute logic based on external inputs.
  • Sanitization: There is no mention of validating, escaping, or sanitizing the external payload before it is processed by the registered function.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 07:43 PM