ai-agent-safety-and-red-team

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The reference document 'references/indirect-prompt-injection-test-suite.md' contains numerous examples of prompt injection payloads (e.g., 'Forget all prior instructions', 'Ignore instruction override'). These are clearly defined within a YAML-based test corpus for the purpose of validating agent defenses and are not intended to be processed as instructions for the agent itself.
  • [DATA_EXFILTRATION]: The skill documents methods to detect and prevent data exfiltration, including the use of regular expressions for sensitive content and placeholder domains like 'attacker.example' in test scenarios. These elements are provided for educational and defensive verification purposes.
  • [PROMPT_INJECTION]: Regarding indirect prompt injection mitigation: 1. Ingestion points: Identifies KB chunks, web pages, and tool responses as untrusted sources. 2. Boundary markers: Prescribes Layer 1 'Provenance Tagging' using BEGIN/END delimiters to isolate untrusted content (§2). 3. Capability inventory: Identifies tools with external blast radii, such as webhooks and email services (§4). 4. Sanitization: Recommends multi-layer defense including regex-based injection markers and plan-alignment checks using a secondary judge LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 04:57 PM
Security Audit — agent-trust-hub — ai-agent-safety-and-red-team