legislative-change-monitoring
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to malicious instructions embedded in the external content it monitors. An attacker who can influence the content of a monitored page could manipulate the agent's classification or the actions it triggers.
  - Ingestion points: Frequent scraping of various Australian government, legal, and professional websites specified in the Source Registry.
  - Boundary markers: Absent; there is no description of delimiters or instructions to ignore instructions found within the scraped data.
  - Capability inventory: High-impact side effects including updating tax engine logic, invalidating caches, and creating Linear issues.
  - Sanitization: No mention of content validation or escaping before the data is processed by the agent or downstream tools.
- External Downloads (LOW): Routine scraping of government domains is central to the skill; however, the use of external tools like Jina AI Reader to process this data introduces an external dependency in the data pipeline.
Recommendations
- AI detected serious security threats
Audit Metadata