sf-orders

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by instructing the agent to fetch and incorporate external web content into its implementation workflow.
  • Ingestion points: External documentation retrieved via WebSearch and WebFetch tools (SKILL.md).
  • Boundary markers: Absent; no delimiters or instructions are provided to the agent to ignore potentially malicious embedded instructions in the fetched data.
  • Capability inventory: The skill provides access to Bash, Write, and Edit tools, which represent a significant capability tier if exploited via injected instructions.
  • Sanitization: None; there are no mechanisms described for validating or filtering the retrieved documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:10 AM
Security Audit — agent-trust-hub — sf-orders