gauge

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection. It is designed to ingest untrusted data (SKILL.md files) and process this data to update its own internal detection patterns. This creates a feedback loop where adversarial content could influence the agent's logic.
      ◦ Ingestion points: Target SKILL.md files analyzed during the SCAN phase.
      ◦ Boundary markers: Lacks robust mechanisms to prevent interpreted instructions within audited text.
      ◦ Capability inventory: Capability to perform web search and modification of reference files (references/).
      ◦ Sanitization: Lacks explicit sanitization of audited content before it influences the evolution loop.
  • [PROMPT_INJECTION]: The 'Self-Evolution' subsystem allows autonomous modification of its own instructions. This self-modifying behavior, driven by untrusted audit data and external research, presents a risk of persistent logic drift.
  • [EXTERNAL_DOWNLOADS]: The skill performs web research identifying emerging practices. Sources include well-known services (Anthropic, Reddit, Arxiv) and community-specific sites (agentskills.io, skillsmp.com).
  • [PROMPT_INJECTION]: The file references/official-standards.md contains Japanese text, violating the skill's own 'L1' normalization rule requiring English-only content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 25, 2026, 12:03 PM