aps-doc-id-unification
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill's primary function is to ingest and summarize content from external configuration files (.dig, .yml, unify.yml), which are considered untrusted data sources.
  - Ingestion points: The skill instructs the agent to read file content from a user-specified directory path (SKILL.md).
  - Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the processed files, increasing the risk that the agent may follow commands hidden in the data.
  - Capability inventory: The skill performs file discovery (Glob) and reading to extract data for text generation. It does not appear to use network or execution tools.
  - Sanitization: No sanitization or validation of the file content is mentioned before it is interpolated into the documentation templates.