add-sanity-chatbot
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to add an optimization skill from an external GitHub repository (github.com/sanity-io/agent-context) using the `npx skills add` command. This repository is the official source for the Sanity.io agent-context project, which is a well-known service provider.
- [PROMPT_INJECTION]: The skill establishes a surface for indirect prompt injection because the resulting chatbot processes and reasons over data retrieved from the Sanity Content Lake, which may contain untrusted content.
  - Ingestion points: Data enters the agent's context through the `groq_query` and `initial_context` tools defined in `references/chat-implementation.md`.
  - Boundary markers: The `SYSTEM_PROMPT` in `references/chat-implementation.md` uses structured Markdown headers to distinguish system instructions from retrieved page context and content data.
  - Capability inventory: The agent is granted capabilities to perform GROQ queries, explore content schemas, and capture browser-side page content and screenshots (`references/chat-implementation.md`).
  - Sanitization: There is no explicit sanitization or filtering of the content returned from the Sanity dataset; the implementation relies on the LLM's internal safety guardrails.
Audit Metadata