NYC

fact-checker

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill presents a high risk for Indirect Prompt Injection due to its interaction with untrusted external content.
    • Ingestion points: The skill reads local documents (SKILL.md Step 1) and retrieves arbitrary content from the web via search (SKILL.md Step 2).
    • Boundary markers: There are no specific instructions or delimiters used to separate user instructions from untrusted data retrieved from the web.
    • Capability inventory: The skill is capable of modifying the local filesystem using the Edit tool (SKILL.md Step 5).
    • Sanitization: There is no evidence of sanitization or validation of content fetched from search results.
    • Risk: An attacker could host a malicious 'fact' on a website that, when retrieved by the agent's search tool, is interpreted as an instruction to modify or delete local files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 08:31 PM