researching-on-the-internet
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill directs the agent to gather and process untrusted content from external websites, which is a primary vector for indirect prompt injection. * Ingestion points: Uses WebSearch and WebFetch tools to ingest data from official documentation, community forums, and blog posts. * Boundary markers: The instructions lack directives for the agent to use delimiters or ignore embedded commands within fetched content. * Capability inventory: The skill informs reasoning and planning phases; while it does not define direct execution or write capabilities, it influences downstream design decisions. * Sanitization: There are no instructions for sanitizing or validating the integrity of the information retrieved from external sources.
Audit Metadata