award-application

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill consists exclusively of instructions in the SKILL.md file and does not include any executable scripts, binaries, or configuration files.
  • [PROMPT_INJECTION]: The skill instructs the agent to fetch content from user-provided URLs to identify award criteria. This creates a surface for indirect prompt injection where malicious content on a website could attempt to influence the agent's output.
  • Ingestion points: The process in SKILL.md (Step 1) involves fetching a "criteria page" from a URL provided by the user.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the guidelines.
  • Capability inventory: The skill's capabilities are limited to text generation and summarization; no shell execution or sensitive file access tools are defined or requested.
  • Sanitization: The instructions do not include steps for sanitizing or validating the content retrieved from external URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:11 PM
Security Audit — agent-trust-hub — award-application