NYC

huashu-research

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High susceptibility to Indirect Prompt Injection due to the skill's core workflow.
  • Ingestion points: Untrusted data enters the agent context via WebSearch results from arbitrary external websites.
  • Boundary markers: The skill fails to define delimiters or instructions to ignore embedded commands within search results, increasing the risk that the agent follows instructions found on malicious websites.
  • Capability inventory: The agent is granted file-write permissions to create and append data to files within the _knowledge_base/ directory, which can lead to persistent knowledge poisoning.
  • Sanitization: No sanitization or escaping of external content is specified before data is interpolated into the research files, allowing for the storage of malicious payloads or deceptive instructions that could affect future tasks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 11:00 AM