query
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from the wiki/ and raw/ directories to answer user questions and generate new entries. It does not utilize boundary markers or specific instructions to disregard potential commands embedded within these source files. This creates a surface for indirect prompt injection where malicious instructions hidden in a raw source file could influence agent behavior during synthesis.
  - Ingestion points: Reads all relevant pages in wiki/ and unprocessed sources in raw/ (SKILL.md, Steps 2 and 3).
  - Boundary markers: Absent; the skill reads and synthesizes content directly.
  - Capability inventory: The skill has the ability to create and modify files in the wiki/ directory (SKILL.md, Step 5 and Output Report).
  - Sanitization: No evidence of escaping or filtering content from processed files before synthesis.
Audit Metadata