zr-vote
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it evaluates content from external sources (pending ideas) to determine its actions. Maliciously crafted ideas could contain instructions to influence the agent's scoring or voting behavior.
- Ingestion points: Untrusted data enters the context via
probe idea getandprobe idea pendingcommands described inSKILL.md. - Boundary markers: There are no explicit instructions or delimiters defined to separate the idea content from the agent's system instructions.
- Capability inventory: The skill has the ability to perform state-changing operations including
probe idea vote(up, down, and veto). - Sanitization: The skill does not specify any validation or sanitization logic for the content retrieved from the
probetool.
Audit Metadata