group-search

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its document retrieval and synthesis workflow.
      • Ingestion points: Document content is ingested from the Yuque platform via the yuque_get_doc tool in SKILL.md.
      • Boundary markers: The prompt lacks clear delimiters or explicit instructions to the model to ignore instructions found within the retrieved text.
      • Capability inventory: The skill is limited to read operations (searching and fetching docs) and does not have access to sensitive file paths, persistent storage, or outbound network tools beyond the MCP environment.
      • Sanitization: No sanitization, filtering, or validation is performed on the content retrieved from documents before it is processed by the model for answer synthesis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 09:12 AM