research-synthesis
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection (Category 8) due to its core function of ingesting and synthesizing data from external web sources.
  - Ingestion points: Untrusted data enters the agent's context through tools such as WebFetch, WebSearch, Perplexity, and Firecrawl, as specified in "SKILL.md" and "reference/multi-agent-invocation.md".
  - Boundary markers: While the skill mandates source attribution and verification of tool results, it does not explicitly instruct the agent to use protective delimiters or to ignore potential instructions embedded within the fetched content.
  - Capability inventory: Findings are integrated into the agent's narrative and used to update local storage ("braindump.md"), which can influence future agent behavior.
  - Sanitization: There is no mention of sanitizing, escaping, or filtering the external content to prevent adversarial instructions from being executed by the LLM.
Audit Metadata