Skills
skills/rohitg00/pro-workflow/survey-generator/Gen Agent Trust Hub

survey-generator

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design of processing untrusted data from external sources.
  • Ingestion points: The skill uses the WebFetch tool to retrieve content from external URLs (source_url) as defined in the Step 1 workflow of SKILL.md.
  • Boundary markers: The buildPrompt function in scripts/build-survey.js interpolates the retrieved data (topics, paper summaries, and bibliography) into the LLM prompt without using explicit security delimiters or boundary markers to isolate untrusted content from the system instructions.
  • Capability inventory: The skill has access to Write and Bash tools, which are used to save survey files and execute indexing commands (wiki-cli.js).
  • Sanitization: There is no evidence of content sanitization or instruction filtering applied to the web content before it is processed by the LLM for survey generation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 12:22 PM