Skills
skills/arielperez82/agents-and-skills/updating-knowledge/Gen Agent Trust Hub

updating-knowledge

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to fetch and synthesize content from external URLs without providing safety delimiters or instructions to ignore embedded commands.
  • Ingestion points: The mcp_web_fetch and web_search tools are utilized to ingest data from arbitrary third-party websites into the agent's context.
  • Boundary markers: There are no instructions defining delimiters (e.g., XML tags or triple backticks) to separate untrusted web content from the agent's primary instructions.
  • Capability inventory: The agent has access to sensitive capabilities including internal data tools (GitHub, Drive) and web-facing tools (web_search, web_fetch).
  • Sanitization: The skill does not mandate any validation or filtering of fetched content before processing.
  • [DATA_EXFILTRATION]: The workflow encourages the use of internal tools like Google Drive and GitHub alongside public web search tools. This creates a risk where internal company data or private project details could be inadvertently leaked to external search engines if the agent includes sensitive terms in search queries during its research phase.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 01:33 PM