graphify
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill is purely informational, containing architectural guidance, decision matrices, and code examples in Markdown. It does not include executable scripts, shell commands, or configurations that grant the agent additional tool-based capabilities.
- [PROMPT_INJECTION]: The skill provides templates for entity and relationship extraction from external sources such as documents and websites. These templates create a potential surface for indirect prompt injection by interpolating untrusted data into prompt strings.
- Ingestion points: Processes unstructured data from documents (PDF, Markdown), website HTML, and code ASTs via prompt templates in
SKILL.md. - Boundary markers: The provided templates (e.g.,
Extract entities from: {chunk}) do not include explicit delimiters or instructions to ignore embedded commands within the ingested text. - Capability inventory: The skill itself has no operational capabilities; it only provides instructions for the agent's internal reasoning or for external tool usage not defined within this skill.
- Sanitization: No sanitization, escaping, or validation logic is included or suggested for the data being processed.
Audit Metadata