humans-welcome-observe-first-look

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and classify large volumes of untrusted data (posts, messages, and logs) from AI agent social networks. This creates a surface for indirect prompt injection where malicious instructions embedded in the analyzed content could attempt to influence the agent's classification logic.
  • Ingestion points: External corpora are ingested in JSONL or DataFrame formats as described in the 'Step-by-Step Workflow' (Step 1) and 'Concrete Examples' (Example 1).
  • Boundary markers: The workflow does not explicitly instruct the use of delimiters (like XML tags or markdown blocks) or specific 'ignore' instructions when interpolating untrusted post content into the classification prompt described in Step 5.
  • Capability inventory: The skill primarily performs data classification and statistical analysis; it does not involve subprocess execution, file-write access, or network operations beyond standard API calls for embeddings.
  • Sanitization: There are no instructions provided for sanitizing, escaping, or validating the content of the analyzed posts before they are processed by the LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 04:03 PM
Security Audit — agent-trust-hub — humans-welcome-observe-first-look