learn
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design as it fetches and processes content from arbitrary external websites.
  - Ingestion points: Data enters the context through the `WebFetch` tool as described in the Research Methodology section of `SKILL.md`.
  - Boundary markers: The skill lacks explicit instructions or delimiters to ensure the agent ignores hidden instructions within the fetched web content.
  - Capability inventory: The skill has the capability to write to the agent's persistent knowledge base (`agent-knowledge/*.md`) and update master indices (`CLAUDE.md`, `AGENTS.md`) which directly influence the agent's future responses. It also triggers secondary skills (`enhance-docs`).
  - Sanitization: No content sanitization or adversarial instruction filtering is implemented to prevent external source material from poisoning the synthesized output.
- [EXTERNAL_DOWNLOADS]: The skill intentionally fetches data from remote URLs using `WebSearch` and `WebFetch` to perform its primary function of researching and creating learning guides.
Audit Metadata