search-specialist
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function involves retrieving and processing external web data, which creates a surface for indirect prompt injection. This is a characteristic of the research task rather than a specific malicious defect. \n
- Ingestion points: Web search results and page content parsed during the 'WebFetch Deep Dive' specified in SKILL.md. \n
- Boundary markers: The instructions do not define specific delimiters or isolation protocols to separate external content from the agent's core instructions. \n
- Capability inventory: The skill consists of instructional text only and does not include any internal scripts or tool execution definitions. \n
- Sanitization: No explicit steps for sanitizing or validating external content for malicious instructions are provided within the skill. \n- [NO_CODE]: The skill consists entirely of markdown-based instructions and metadata; it does not include any executable scripts, binary files, or external library dependencies.
Audit Metadata