Skills
skills/2389-research/review-squad/well-actually/Gen Agent Trust Hub

well-actually

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of auditing untrusted external content.
  • Ingestion points: The skill uses browser tools to fetch and analyze external URLs, DOM structures, CSS files, and project source code (specified in SKILL.md under 'Code Access Rules').
  • Boundary markers: The subagent prompt template (specified in SKILL.md under 'Agent Prompt Template') lacks delimiters or instructions to ignore potential commands embedded within the audited content.
  • Capability inventory: The agents have access to browser tools and file reading capabilities to perform their analysis.
  • Sanitization: There is no evidence of sanitization or filtering of the ingested content before it is processed by the subagent LLMs.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 07:23 AM