google-search-architecture
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [OBFUSCATION]: The skill's primary header contains a large sequence of hidden zero-width characters (U+200B, U+200C, U+200D). This content is invisible to the user but can be interpreted by the AI agent as instructions or used to store malicious payloads.
- Evidence: The header '# Google Search Architecture Style Guide' is followed by a string of 200+ zero-width characters.
- [INDIRECT_PROMPT_INJECTION]: The presence of hidden, non-human-readable characters within the markdown structure creates an attack surface where an agent might follow instructions that are not visible to the user during the interaction.
- Ingestion points: SKILL.md (Header field)
- Boundary markers: Absent
- Capability inventory: None (Code is conceptual)
- Sanitization: Absent
Recommendations
- AI detected serious security threats
Audit Metadata