external-research
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to fetch and process content from an external, potentially untrusted source and explicitly instructs the agent to trust this content over its internal knowledge.
- Ingestion points: Data is retrieved via the
/external-scouttool and saved to.tmp/external-context/(SKILL.md). - Boundary markers: The skill does not provide delimiters or instructions to ignore potential commands embedded within the fetched documentation.
- Capability inventory: The agent is instructed to "Read" these files and "Implement" code based on their contents (SKILL.md).
- Sanitization: No sanitization or validation of the fetched content is described.
- [EXTERNAL_DOWNLOADS]: The skill relies on an external tool and source ("Context7") to fetch documentation files at runtime. While the intended use is for API documentation, the source is not a recognized well-known or trusted service.
Audit Metadata