external-research
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes an external tool via the command `/external-scout <package> <topic>` to fetch and cache data to the local filesystem at `.tmp/external-context/`.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from an external source ("Context7") and uses it to influence the agent's behavior and code output.
  - Ingestion points: Documentation files stored in `.tmp/external-context/` (e.g., `schemas.md`, `hooks.md`).
  - Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when reading the fetched documentation; instead, the skill explicitly tells the agent to "Trust current docs over training data assumptions."
  - Capability inventory: The skill documentation references `code-execution` as a related capability, implying that the agent will execute code generated based on the untrusted external documentation.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content fetched from the external source.
Audit Metadata