survey
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it uses the
WebFetchtool to ingest untrusted content from the internet during its research phase. Maliciously crafted content on target websites could attempt to manipulate the agent's output or behavior. - Ingestion points: External websites accessed via
WebFetchduring research lanes A, B, C, and D. - Boundary markers: While the skill includes a
facts_onlyrule in its internal profile, it lacks explicit delimiters or instructions to disregard potential commands within the fetched data. - Capability inventory: The skill has access to
Bash,Write, andReadtools, increasing the potential impact if an injection were successful. - Sanitization: There is no evidence of explicit sanitization, filtering, or validation of external content before it is incorporated into the research artifacts or written to disk.
Audit Metadata