product-appeal-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by ingesting untrusted data from external websites via the WebFetch tool. This data is then used in the agent's analysis process, potentially allowing external content to influence the agent's output.
- Ingestion points: The skill uses the WebFetch tool to read content from user-provided URLs as part of the analysis workflow.
- Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the fetched content.
- Capability inventory: The skill has Read, Write, Edit, and WebFetch permissions enabled, allowing the agent to process and store data based on external inputs.
- Sanitization: The fetched content is not sanitized or validated before processing.
Audit Metadata