clarifying-scenarios
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection Surface: The skill ingests raw user input to populate a `clarification.md` file used by downstream agents. This represents a typical surface where user-provided content can interact with the prompt context of other components.
  - Ingestion points: Untrusted data is retrieved from `userInput` in `SKILL.md`.
  - Boundary markers: The `templates/clarification.md` file lacks specific delimiters to separate user-provided values from instructions for downstream agents.
  - Capability inventory: The skill manages file system writes for the `clarification.md` artifact.
  - Sanitization: Input is evaluated for evidence but is not explicitly sanitized before being placed into the output artifact.
- Secure Interaction Pattern: By rendering clarification forms dynamically in the session rather than writing them to disk, the skill avoids leaving stale or potentially sensitive interaction files in the workspace environment.