research-briefing
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted data enters the agent context through the topic input and the search_results retrieved from the external Tavily API in run.py.
  - Boundary markers: There are no delimiters (e.g., XML tags, triple quotes) or specific instructions to the LLM to ignore embedded commands within the search results.
  - Capability inventory: The skill utilizes network search capabilities (tavily_search) but does not have direct file system write or code execution permissions.
  - Sanitization: The skill lacks any filtering, validation, or escaping of the external content before it is interpolated into the briefing_prompt.
- COMMAND_EXECUTION (LOW): The script run.py dynamically modifies sys.path to import local utilities from the ../../scripts directory, which is a common but brittle practice that can be exploited if the environment is compromised.
Audit Metadata