sf-orders
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by instructing the agent to fetch and incorporate external web content into its implementation workflow.
- Ingestion points: External documentation retrieved via WebSearch and WebFetch tools (SKILL.md).
- Boundary markers: Absent; no delimiters or instructions are provided to the agent to ignore potentially malicious embedded instructions in the fetched data.
- Capability inventory: The skill provides access to Bash, Write, and Edit tools, which represent a significant capability tier if exploited via injected instructions.
- Sanitization: None; there are no mechanisms described for validating or filtering the retrieved documentation.
Audit Metadata