researchers-primary-source
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE (categories: PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill employs WebFetch and WebSearch to ingest data from untrusted external sources such as Twitter, Reddit, and personal blogs. This creates a surface for indirect prompt injection where malicious instructions embedded in web content could influence the agent's behavior.
  - Ingestion points: Content retrieved via WebFetch and WebSearch from various social media and web platforms as defined in SKILL.md and DIRECT_SOURCES.md.
  - Boundary markers: The skill instructions suggest using markdown blockquotes for captured content, but they lack explicit instructions to the agent to disregard any commands or system-like instructions found within that content.
  - Capability inventory: The skill allows access to high-privilege tools including Write, Edit, Grep, and Glob, which could be exploited if an indirect injection is successful.
  - Sanitization: There is no evidence of automated sanitization or filtering of fetched content before it is processed by the agent.
- [Data Exposure & Exfiltration] (LOW): The skill's instructions explicitly encourage the agent to locate and document "Leaked materials," "Leaked emails," and "Internal documents." While intended for journalistic or research purposes, this directs the agent to interact with and potentially expose sensitive information from unauthorized data breaches.