do-perspectives

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze external, untrusted source material and then use the resulting findings to modify other agent or skill files.
      • Ingestion points: Phase 1, Step 3 (SKILL.md) allows loading content from arbitrary file paths or inline text provided by the user.
      • Boundary markers: The skill lacks explicit instructions or delimiters to isolate the source material from the agent's internal logic, which could lead the agent to interpret instructions embedded within the analyzed content as commands.
      • Capability inventory: The skill uses Bash, Write, Edit, and Task tools in Phase 4 and Phase 5 to apply changes to target agents or skills, creating a direct path for malicious instructions in the source material to compromise the repository.
      • Sanitization: No sanitization, validation, or escaping of the source material's content is performed before it is processed through the analytical lenses or used to generate improvements.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 04:36 PM