fact-checker

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes untrusted data from the web and user documents.
      • Ingestion points: Documents provided for fact-checking and external web pages retrieved during the search process in Step 2.
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when processing ingested external data.
      • Capability inventory: The agent has the ability to read local files, perform web searches, and use the 'Edit' tool to modify files.
      • Sanitization: No sanitization or validation of the ingested content is described in the prompt workflow.
      • Mitigation: The potential for automated misuse is mitigated by a mandatory Step 5 which requires explicit user approval before any corrections are applied to the file system.
  • [NO_CODE]: The skill consists exclusively of markdown instructions and YAML configuration without any scripts, executables, or binary dependencies.
  • [SAFE]: The repository contains a file named '.security-scan-passed' that asserts the skill's safety based on automated scanning. This self-authoritative claim was noted but not used as a primary factor in the verdict; however, no evidence was found to suggest the claim is deceptive.
  • [SAFE]: Installation commands and repository references (e.g., ccpm install and GitHub links) point to the vendor's own namespace and infrastructure.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 05:16 AM