cross-post
Pass
Audited by Gen Agent Trust Hub on Jul 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from external sources.
- Ingestion points: The workflow in
SKILL.mdinstructs the agent to "Fetch the URL or read the pasted text in full." - Boundary markers: Absent. There are no instructions providing delimiters or 'ignore' directives for the fetched content to prevent it from overriding agent instructions.
- Capability inventory: The skill is limited to fetching web content and generating text. It does not perform high-risk actions such as file system modifications or command execution.
- Sanitization: Absent. The skill does not specify any validation or filtering for the external content before it is interpolated into the drafting process.
Audit Metadata