idea-generator

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from external and internal sources into the agent's context.
    • Ingestion points: Untrusted data enters the agent's context through the output of the web_search tool and the contents of local files MEMORY.md, HEARTBEAT.md, and USER.md.
    • Boundary markers: The instructions do not employ delimiters (e.g., XML tags or triple quotes) or specific guardrail instructions to isolate the ingested data or prevent the agent from obeying instructions embedded within that data.
    • Capability inventory: The skill utilizes the web_search tool for research; however, it lacks dangerous capabilities such as file system write access, arbitrary command execution, or unauthorized network operations.
    • Sanitization: There are no mechanisms described for validating, filtering, or escaping the content retrieved from web searches or local files before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 07:03 AM