multi-modal
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to process untrusted external media through various templates in
SKILL.md. - Ingestion points: Data from images, audio recordings, and documents enter the context via placeholders in templates like 'Visual Q&A Pattern' and 'PDF Extraction'.
- Boundary markers: Absent. The instructions do not define clear delimiters or 'ignore' directives to prevent the agent from obeying instructions embedded within the media content.
- Capability inventory: Low risk. The skill only defines prompt templates and does not possess capabilities for network exfiltration, file system modification, or shell command execution.
- Sanitization: None. Extracted or interpreted content from external files is interpolated directly into the agent's reasoning path without filtering.
Audit Metadata