multi-search
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exhibits vulnerability to indirect prompt injection due to its core function of processing untrusted external materials. * Ingestion points: Reads user-provided documents (@file.md) and pasted text as defined in Phase 1 of SKILL.md. * Boundary markers: Absent. There are no specified delimiters or instructions to ignore embedded commands within the input materials. * Capability inventory: Employs WebSearch, WebFetch, and the Task tool for spawning sub-agents across multiple phases in SKILL.md. * Sanitization: Absent. The processing flow lacks validation or escaping mechanisms for the input data.
- [Command Execution] (LOW): Uses the 'Task' tool to dynamically instantiate and manage independent 'general-purpose' sub-agents. While this is the primary functionality, it represents an automated execution path based on processed inputs.
- [Data Exposure] (SAFE): File system interactions are limited to reading user-specified inputs and writing research reports to predictable locations like 'output/' or './research/'.
Audit Metadata