osint-investigator
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection attacks because it instructs the agent to ingest and analyze untrusted content from the web.
- Ingestion points: The skill utilizes
agent-browser,web_search, andcurlto retrieve data from arbitrary external URLs found during reconnaissance (identified inSKILL.mdandreferences/recon-vectors.md). - Boundary markers: The instructions do not define clear delimiters or warning markers to isolate untrusted external content from the agent's core instructions.
- Capability inventory: The skill possesses significant network capabilities through its tools, allowing it to navigate the web and fetch remote artifacts.
- Sanitization: No explicit instructions are provided for the agent to sanitize or filter potentially malicious text (e.g., system-level override commands) embedded in fetched social media bios or website metadata.
Audit Metadata