ai-incident-postmortem-template
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted incident evidence data.\n
- Ingestion points: The
logic.promptfile andSKILL.mdinstructions require reading an "evidence pack for this incident" and an "incident timeline." These sources typically include unvalidated logs, user prompts, and AI outputs from the incident period.\n - Boundary markers: The skill lacks explicit boundary markers or instructions to prevent the agent from executing instructions that might be embedded in the evidence pack.\n
- Capability inventory: Based on the provided files, the agent's capabilities are limited to reading local files and writing the resulting postmortem to a markdown file (
AI_Postmortem_<incident_id>.md). No subprocess calls or network operations were found.\n - Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested evidence data before it is processed by the LLM.
Audit Metadata