blog-factcheck

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from local blog posts and external URLs. Maliciously crafted content in these sources could potentially override the agent's instructions.
      1. Ingestion points: Blog post files accessed via Read and external pages retrieved via WebFetch as described in the workflow of SKILL.md.
      2. Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands in the processed data.
      3. Capability inventory: The skill utilizes Read, WebFetch, Grep, and Glob tools to interact with the filesystem and network.
      4. Sanitization: There is no evidence of sanitization or filtering applied to the text extracted from files or websites before processing.
  • [EXTERNAL_DOWNLOADS]: The skill automatically fetches content from arbitrary URLs found within the text of the blog posts using the WebFetch tool to verify statistical claims. This involves interacting with external web servers based on content provided in the analyzed file.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 09:09 AM