cann-ask
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses directive language to enforce its internal retrieval workflow over raw tool calls. This is a functional instruction aimed at improving response quality and does not attempt to bypass agent safety filters or extract system prompts.- [PROMPT_INJECTION]: The skill possesses a potential surface for indirect prompt injection because it ingests and processes external documentation content.
- Ingestion points: External wiki content is loaded into the context via the
wiki_get_pagetool (SKILL.md). - Boundary markers: The instructions do not specify the use of clear delimiters or instructions to ignore embedded commands within the fetched wiki text.
- Capability inventory: The skill utilizes
wiki_search,wiki_get_page, andwiki_submit_trajectory(SKILL.md). - Sanitization: No content filtering or validation procedures are defined for the retrieved data before it is presented to the user.
Audit Metadata