multi-debate
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest peer debate contributions and incorporate their logic into the agent's reasoning.
- Ingestion points: The agent reads content from all markdown files matching the
turn-{N-1}-*.mdpattern within a shared directory provided by the user in SKILL.md. - Boundary markers: No delimiters or isolation instructions are present to distinguish between the untrusted content of the external files and the agent's instructions.
- Capability inventory: The agent uses directory listing (via
ls) and file read/write operations to execute the workflow. - Sanitization: Lacks any mechanism to validate, filter, or sanitize the input from the external files before it is processed by the agent.
Audit Metadata