elon-musk
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its web research functionality.
  - Ingestion points: In Phase 1, the researcher agents utilize tools like Firecrawl, SearXNG, and WebSearch to fetch content from external URLs to analyze industry conventions and innovation cases.
  - Boundary markers: The skill instructions do not define explicit delimiters or 'ignore' directives to prevent the agent from executing instructions found within the scraped web content.
  - Capability inventory: The skill has the ability to perform network operations (searching/fetching) and write files to the filesystem in the .hypercore/first-principles/ directory.
  - Sanitization: There is no evidence of content filtering, escaping, or sanitization of the retrieved data before it is interpolated into the agent's prompts.
Audit Metadata