deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its data ingestion and processing workflow.\n
- Ingestion points: External content is retrieved using the WebFetch tool from arbitrary URLs in Step 2, and the skill reads from local source maps in Step 1.\n
- Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the external content being processed.\n
- Capability inventory: The agent is granted capabilities to write to the file system (Step 5) and generate new sub-tasks using the TaskCreate tool.\n
- Sanitization: No sanitization or validation logic is specified for the data retrieved via WebFetch before it is used for extraction and evidence building.
Audit Metadata