airweave-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill instructs the agent to search and retrieve content from external, untrusted sources such as Slack, Jira, and Notion. This creates a surface for indirect prompt injection where malicious instructions embedded in those sources could influence the agent's behavior.
- Ingestion points: Workspace data retrieved from multiple connected apps via
search-{collection}MCP tools. - Boundary markers: Absent; the skill does not provide instructions to use delimiters or ignore embedded commands in the retrieved text.
- Capability inventory: None; the skill files are purely documentation (Markdown) and do not contain executable code.
- Sanitization: Not explicitly implemented in the skill instructions, relying on the agent's underlying safety filters.
Audit Metadata