recipe-diagnose
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by interpolating user-provided input ($ARGUMENTS) directly into the instructions for sub-agents.
- Ingestion points: User input enters the skill via the $ARGUMENTS variable and is used to populate prompts for the 'rule-advisor' and 'investigator' sub-agents in SKILL.md.
- Boundary markers: Absent. The skill inserts the user's phenomenon description directly into sub-agent prompts (e.g., 'Identify the essence... for this problem: [Problem reported by user]') without XML-style delimiters or 'ignore embedded instructions' markers.
- Capability inventory: The orchestrator utilizes the 'Agent' tool to invoke sub-agents and the 'TaskCreate'/'TaskUpdate' tools to manage the execution lifecycle. Sub-agents like 'investigator' are instructed to access code, history, and configuration files.
- Sanitization: No explicit input validation, escaping, or filtering of the user-provided text is performed before it is passed to the sub-agent pipeline.
Audit Metadata