to-prompt
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to gather and format untrusted data (such as bug reports, code snippets, and git history) without requiring boundary markers or sanitization. This could allow malicious instructions within that data to influence the behavior of the agent or the receiving LLM.
- Ingestion points: Processes external, untrusted content including source code snippets, issue descriptions, and repository history.
- Boundary markers: The skill does not define specific delimiters (like XML tags or triple backticks) or instructions to treat external data as untrusted content within the generated prompt.
- Capability inventory: The skill uses the agent's ability to read files and environment metadata to construct complex context for external consumption.
- Sanitization: There is no requirement for the agent to filter or validate the contents of the gathered data before inclusion in the final prompt output.
Audit Metadata