ieee-search
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external web pages.
  - Ingestion points: Paper titles, authors, and abstracts are extracted from the IEEE Xplore search results page in SKILL.md using the evaluate_script tool.
  - Boundary markers: The instructions do not define clear delimiters or include warnings to the agent to ignore instructions embedded within the extracted academic content.
  - Capability inventory: The skill utilizes browser navigation (navigate_page) and JavaScript execution (evaluate_script) capabilities via the Chrome DevTools MCP as defined in SKILL.md.
  - Sanitization: There is minimal sanitization performed on the ingested data; while HTML tags are stripped from titles using a regex in SKILL.md, there is no validation to prevent malicious instructional text from being processed by the agent.