web-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill identifies a surface for indirect prompt injection by processing untrusted data from various web sources (Phase 2). Given this is the primary purpose of the skill and it includes instructions for source evaluation and synthesis, the risk is minimal.
- Ingestion points: External websites, GitHub repositories, and technical documentation via web search.
- Boundary markers: Uses Markdown headers and a structured log format to delineate findings.
- Capability inventory: Filesystem write (limited to /tmp) and network read operations.
- Sanitization: Relies on the agent's synthesis phase to process and summarize external content.
- Data Exposure (SAFE): The skill writes research logs to the /tmp directory.
- Evidence: Research logs are saved to paths like /tmp/research-{timestamp}-{topic}.md. This is a standard practice for temporary storage of session-specific data and does not expose sensitive system files.
Audit Metadata