company-research
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [Prompt Injection] (MEDIUM): The skill is susceptible to Indirect Prompt Injection due to its reliance on external data sources. Ingestion points: It retrieves untrusted data from the web via web_search_advanced_exa and via automated browser sessions using the Claude in Chrome fallback. Boundary markers: The instructions lack explicit delimiters or 'ignore embedded instructions' warnings for the processing of retrieved content. Capability inventory: The skill can spawn Task agents and interact with web pages, which increases the potential impact if the agent follows malicious instructions hidden in search results. Sanitization: There is no evidence of data sanitization, filtering, or validation of the external content before it is processed by the LLM.
Audit Metadata