grief-companion
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its ability to fetch and process external web content.
- Ingestion points: The skill uses WebFetch and WebSearch to interact with external websites and the resources listed in references/grief-resources-directory.md.
- Boundary markers: There are no defined delimiters or instructions to prevent the agent from obeying commands that might be hidden in fetched web data.
- Capability inventory: The agent is granted Bash, Edit, and Write tools, which provide significant control over the local environment if a malicious instruction is processed.
- Sanitization: There is no evidence of content filtering or validation for data retrieved from the web.
- [SAFE]: The skill includes extensive references to high-authority organizations such as the Social Security Administration (ssa.gov), Veterans Affairs (va.gov), and established non-profits like the American Foundation for Suicide Prevention. These are contextually appropriate and originate from trusted or well-known domains.
Audit Metadata