research-expert

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted web data and has write-equivalent file capabilities.
      • Ingestion points: External content is retrieved via WebFetch.
      • Boundary markers: Absent; no instructions exist to ignore embedded commands.
      • Capability inventory: Write, Edit, Grep, and Glob allow filesystem modification and searching.
      • Sanitization: Absent; content is processed directly.
  • [Data Exposure] (MEDIUM): The Grep and Glob tools enable searching the local filesystem, which could be abused if the agent is redirected by malicious web content to scan for sensitive files beyond the intended scope.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:36 PM