digital-archive

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests raw text from external sources (via the ScrapingCascade tool in ArchiveWorkflow) and interpolates it directly into LLM prompts within the ArchiveCategorizer and EntityExtractor classes without using boundary markers.
  • Ingestion points: The ArchiveWorkflow.process_url method populates ArchiveRecord.text from scraped external content, which is then passed to categorize() and extract().
  • Boundary markers: Absent. The prompts in ArchiveCategorizer and EntityExtractor concatenate untrusted text directly into the prompt string (e.g., Text: {record.text[:10000]}) without delimiters or 'ignore instructions' warnings.
  • Capability inventory: The skill has the capability to write to the local file system (generating PDFs and JSON/CSV exports) and update external Google Sheets via SheetsService.
  • Sanitization: No sanitization or filtering is performed on the scraped text before it is sent to the LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 07:15 PM
Security Audit — agent-trust-hub — digital-archive