think-top3
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it takes untrusted user input and incorporates it into a multi-step analytical process involving other instruction sets.
- Ingestion points: The primary ingestion point is the user-provided 'topic' described in SKILL.md and engine.md.
- Boundary markers: The instructions do not define explicit boundary markers or delimiters to wrap the user topic, potentially allowing instructions embedded within the topic to influence the agent's behavior during framework application.
- Capability inventory: Across its scripts and instructions, the skill reads local framework files (SKILL.md) and executes the instructions within them, creating a chain where user input can influence the execution of multiple sub-components.
- Sanitization: There is no programmatic sanitization or validation of the input topic, although the instructions include a step to 'restate the situation' which may act as a model-based normalization process.
Audit Metadata