NYC

huashu-info-search

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH

Finding: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core functionality.
  • Ingestion points: The 'Core Functions' and 'Search Strategy' sections explicitly direct the agent to retrieve content from external, untrusted sources including TechCrunch, Reddit, Hacker News, and X/Twitter.
  • Capability inventory: The skill instructions command the agent to write this external content to local files within _knowledge_base/ directories. This 'read-external-then-write-local' pattern is a high-risk capability tier.
  • Sanitization: There are no requirements for the agent to sanitize, escape, or filter out potential natural language instructions embedded within the searched data before saving it.
  • Boundary markers: The skill lacks any instructions for using delimiters or boundary markers to isolate untrusted external content from the agent's primary system instructions.
  • Risk: An attacker could host a webpage or forum post containing hidden instructions that the agent might interpret as legitimate commands during the processing or saving phase, potentially leading to unauthorized file system modifications or data manipulation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 11:00 AM