web-research-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. Ingestion point: scripts/research.py fetches untrusted search result snippets and titles from an external API. Boundary markers: No delimiters are used to wrap external content or warn the agent to ignore instructions within the data. Capability inventory: The skill can write reports to the local file system and perform network requests to the vendor API. Sanitization: No filtering or escaping of retrieved web content is performed.
- [DATA_EXFILTRATION]: The skill performs network operations targeting mcp.browseract.com. This is a vendor-owned domain associated with the skill author 'browser-act' and is part of the intended search functionality. No sensitive local data or credentials were found to be exfiltrated.
Audit Metadata