izakaya-search
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill fetches data from external gourmet websites (Tabelog, Hot Pepper, Google Maps) using the WebFetch tool. This introduces an indirect prompt injection surface where malicious instructions embedded in restaurant reviews or descriptions could attempt to influence the agent's output.
- Ingestion points: WebFetch operations in SKILL.md (Step 3) visit external URLs.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: The skill can search the web, fetch content, execute a local Python script (format_report.py), and generate Markdown reports.
- Sanitization: The formatting script parses JSON data but does not perform specific sanitization of external strings before including them in the final Markdown report.
Audit Metadata