researching-web

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection by processing untrusted external content from the web and search engine results.
    - Ingestion points: Data enters through the mcp__perplexity-ask__perplexity_ask tool and subsequent WebFetch calls to external URLs cited in search results.
    - Boundary markers: No explicit delimiters or instructions are provided to separate untrusted web content from the agent's internal reasoning or to ignore embedded instructions in the fetched data.
    - Capability inventory: The skill possesses dangerous capabilities including file system access (Read, Grep, Glob) and the ability to spawn new subagents with custom prompts via the Task tool.
    - Sanitization: There is no mention of sanitizing or filtering the content retrieved via WebFetch before it is synthesized into a 'comprehensive answer' or passed to the Task prompt.
  • Task Inception (MEDIUM): The skill uses the Task tool to spawn a 'perplexity-researcher' subagent. If the prompt for this subagent incorporates untrusted web content without sanitization, it creates a secondary injection vector where the subagent could be instructed to perform malicious activities within the codebase.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:04 PM