tool-scout
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from web search results.
  - Ingestion points: External web search results are retrieved via Exa, WebSearch, or other user-configured MCP tools (SKILL.md, Step 3 and Level 2 Deep Dive).
  - Boundary markers: The skill does not define explicit delimiters or instructions to prevent the model from inadvertently following instructions potentially found within the search results.
  - Capability inventory: The skill possesses the ability to perform web searches and delegate complex research tasks to a subagent (Agent tool).
  - Sanitization: No evidence of validation or sanitization of the retrieved search results is present before the data is integrated into the agent's context or processed by subagents.
Audit Metadata