doc-retriever
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface detected.
  - Ingestion points: External web search results via `google_web_search` and local file content via `read_file`.
  - Boundary markers: Absent; no instructions are provided to the agent to distinguish between trusted and untrusted data.
  - Capability inventory: The skill utilizes file reading and external search tools.
  - Sanitization: Absent; no validation or filtering is applied to retrieved documentation before processing.
- [DATA_EXFILTRATION]: Potential data exposure surface. The skill instructions encourage the agent to read the current codebase (`read_file`) and use that context to perform web searches (`google_web_search`), which could lead to project-specific or sensitive code snippets being transmitted to external search engines.