orbit-general
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill aggregates data from a wide variety of third-party platforms to create a unified dashboard, which presents a surface for indirect prompt injection.
- Ingestion points: The skill retrieves live data from at least 10 connectors including Slack, Notion, Gmail, GitHub, and Sentry as described in
SKILL.md. - Boundary markers: The instructions do not provide clear delimiters or guidelines to separate the retrieved external data from the agent's core instructions.
- Capability inventory: The skill produces interactive HTML output and is instructed to inject a specific JavaScript block from a template into the final rendered dashboard.
- Sanitization: No sanitization or validation steps are defined for the content retrieved from external connectors, which could allow malicious instructions embedded in that data to be processed by the model.
- [EXTERNAL_DOWNLOADS]: Fetches design assets from a well-known service to render the dashboard interface.
- Evidence: Loads typography from Google's public font registry via a stylesheet import in
example.html.
Audit Metadata