Skills
skills/akillness/skills-template/survey/Gen Agent Trust Hub

survey

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform file operations and manage research artifacts within the .survey directory.
  • [EXTERNAL_DOWNLOADS]: The skill uses the WebFetch tool to retrieve content from external websites for landscape research across four parallel lanes (Context, Solutions, Behavior, and Alternatives).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface because it processes untrusted data from the web.
  • Ingestion points: Untrusted data enters the agent context via the WebFetch tool in Step 1 (Lanes A, B, C, and D).
  • Boundary markers: The instructions do not specify any boundary markers or delimiters to isolate fetched content, nor do they instruct the agent to ignore embedded instructions in the external data.
  • Capability inventory: The skill allows the use of Bash, Write, and Read tools, which represent a significant capability surface if malicious instructions in web content were to be followed.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the data retrieved from external sources before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 09:27 AM