digital-archive
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests raw text from external sources (via the ScrapingCascade tool in ArchiveWorkflow) and interpolates it directly into LLM prompts within the ArchiveCategorizer and EntityExtractor classes without using boundary markers.
- Ingestion points: The
ArchiveWorkflow.process_urlmethod populatesArchiveRecord.textfrom scraped external content, which is then passed tocategorize()andextract(). - Boundary markers: Absent. The prompts in
ArchiveCategorizerandEntityExtractorconcatenate untrusted text directly into the prompt string (e.g.,Text: {record.text[:10000]}) without delimiters or 'ignore instructions' warnings. - Capability inventory: The skill has the capability to write to the local file system (generating PDFs and JSON/CSV exports) and update external Google Sheets via
SheetsService. - Sanitization: No sanitization or filtering is performed on the scraped text before it is sent to the LLM.
Audit Metadata