survey
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of researching external content and community feedback.
- Ingestion points: The
WebFetchtool is used across multiple research lanes (Lane A: Context, Lane B: Solutions, Lane C: Actual Behavior) to gather data from external websites and community forums (SKILL.md, Step 1). - Boundary markers: The instructions do not define boundary markers (e.g., delimiters) or include instructions for the agent to ignore or isolate embedded instructions within the retrieved research data.
- Capability inventory: The skill has access to
Bash,Write,Read,Grep, andGlobtools, providing an execution surface where instructions found during web research could potentially attempt to influence file operations or shell commands. - Sanitization: There are no explicit sanitization or validation steps defined for the external data before it is interpolated into the markdown artifacts (
context.md,solutions.md, etc.).
Audit Metadata