web-search-researcher
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive local files or hardcoded credentials detected.
- [Remote Code Execution] (SAFE): No code is shipped with the skill, and no external package installations or remote script executions are performed.
- [Indirect Prompt Injection] (SAFE): The skill is designed to ingest web content, creating a potential surface for indirect injection, though no dangerous capabilities are present to exploit it. (1) Ingestion points: External data enters through WebSearch and WebFetch tools mentioned in SKILL.md. (2) Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided templates. (3) Capability inventory: The skill does not include scripts for shell access, file-system writes, or network exfiltration. (4) Sanitization: No sanitization of retrieved web content is defined.
Audit Metadata