fraudshield-knowledge-graph-empowered
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes deceptive metadata and authoritative claims that reference a future/non-existent research paper ('FraudShield framework (WWW 2026)', 'arxiv.org/abs/2601.22485v1'). This technique attempts to mislead the agent or the user into granting a higher level of trust to the skill's logic and safety through a fake academic pedigree.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by design. It is specifically intended to ingest, normalize, and process untrusted external text (e.g., emails, job postings, contracts).
- Ingestion points: Untrusted data enters the context via the primary input text described in Step 1 and the workflow examples.
- Boundary markers: The skill attempts to mitigate risks by wrapping keywords in XML tags (e.g.,
<Urgency Pressure>), but these boundaries are generated from the untrusted content itself and could potentially be manipulated or spoofed by specifically crafted inputs. - Capability inventory: While the skill body is instructional, the included Python example demonstrates the use of an LLM client to parse and process the content, which could lead to secondary exploitation if the extraction logic is subverted.
- Sanitization: The skill implements a keyword pruning and confidence-scoring logic (Steps 5 and 6) to reduce noise, though it does not explicitly handle escaping for the XML tags it generates.
Audit Metadata