web-research
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a potential surface for indirect prompt injection due to its core web-processing functionality.
- Ingestion points: The skill ingests untrusted data from external websites via the `analyze_page` and `compare_pages` tools, which capture framework metadata, network request logs, and browser console output (SKILL.md).
- Boundary markers: The instructions do not define boundary markers or provide the agent with explicit instructions to ignore embedded commands within the fetched external web content.
- Capability inventory: Across its scripts, the skill provides capabilities to write persistent records via `create_finding` and perform follow-up network requests via `get_observation` and `get_crawled_urls` (SKILL.md).
- Sanitization: There is no evidence of sanitization, filtering, or structured validation to ensure that text extracted from external sources like console logs is not interpreted as instructions by the agent.