search
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
casedevCLI tool to perform various searches, retrieval tasks, and read internal vault or skill data via subprocess commands. - [EXTERNAL_DOWNLOADS]: The
casedev search webfetchcommand is used to download content from arbitrary external URLs provided at runtime. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes untrusted data from web searches and legal databases which could contain malicious instructions meant to influence the agent's behavior.
- Ingestion points: External content enters the agent's context through
casedev search web,casedev search webfetch,casedev search legal,casedev search cases, andcasedev search patent(SKILL.md). - Boundary markers: None. The skill does not define delimiters or provide 'ignore embedded instructions' warnings when processing retrieved content.
- Capability inventory: The skill executes the
casedevCLI tool, which has inherent network access to perform web and database queries. - Sanitization: There is no evidence of sanitization, validation, or filtering of the content retrieved from external sources before it is processed by the agent.
Audit Metadata