privacy-policy-diff-summarizer
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted text from external files which are then summarized by the agent. This represents an indirect prompt injection surface where instructions hidden within a privacy policy could influence the agent's output.\n
- Ingestion points: The
privacy_policy_diff_summarizer.pyscript reads data from file paths provided via the--oldand--newarguments.\n - Boundary markers: Absent. The script extracts snippets from the text and includes them in a JSON report without specific delimiters or warnings to the agent to ignore embedded instructions.\n
- Capability inventory: The script performs local file reads and outputs results to stdout; it does not have network or elevated system capabilities.\n
- Sanitization: The script normalizes whitespace but does not filter or sanitize the text content for potential malicious prompt sequences.
Audit Metadata