web-search-advanced-research-paper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): This skill defines a workflow that ingests untrusted external data via the web_search_advanced_exa tool, which creates a surface for indirect prompt injection.
- Ingestion points: Search results from academic databases (arXiv, OpenReview, etc.) are brought into the agent context.
- Boundary markers: The instructions do not define delimiters (such as XML tags or triple backticks) to isolate the untrusted search results from the agent's core instructions.
- Capability inventory: The skill itself is purely instructional and does not provide script execution, file system access, or network-writing capabilities.
- Sanitization: There are no instructions for sanitizing the output or explicitly telling the agent to ignore instructions embedded in the search results.
Audit Metadata