detecting-indirect-prompt-injection

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a specialized cybersecurity utility focused on defending AI agents against indirect prompt injection. Its functionality aligns with industry standards such as MITRE ATLAS and OWASP.
  • [EXTERNAL_DOWNLOADS]: The skill relies on well-known open-source libraries (e.g., llm-guard, transformers, beautifulsoup4) and machine learning models from reputable sources like Hugging Face (ProtectAI, Meta). These dependencies are standard for AI security applications and do not present unusual risks.
  • [DATA_EXFILTRATION]: Analysis of the source code confirms that input data is processed locally to generate security verdicts. There is no evidence of unauthorized network transmission, data exfiltration, or hardcoded sensitive information.
  • [COMMAND_EXECUTION]: The skill utilizes pytesseract to extract text from images, which involves executing the Tesseract OCR engine. This is a documented requirement for its core function of identifying text-based attacks rendered into pixels.
  • [SAFE]: The skill includes an explicit normalization logic to mitigate common attack vectors:
  • Ingestion points: Processes HTML, PDF, images, and raw text via CLI arguments in agent.py.
  • Boundary markers: Serves as a pre-ingestion validation gate.
  • Capability inventory: Limited to local file reading and JSON output; no hazardous shell or network capabilities are exposed to the input data.
  • Sanitization: Implements character normalization and de-obfuscation (Base64/ROT13) to expose hidden payloads.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 03:40 AM
Security Audit — agent-trust-hub — detecting-indirect-prompt-injection