teacher
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from external sources and local files.
  - Ingestion points: The 'Research Phase' explicitly instructs the agent to use `web_search` and `read_web_page` for external content, and `Read`, `Grep`, and `finder` for local codebase analysis (documented in SKILL.md).
  - Boundary markers: The instructions do not define any delimiters or provide warnings to the agent to ignore potentially malicious instructions embedded within the researched materials.
  - Capability inventory: The skill utilizes file system discovery (`finder`), file reading (`Read`, `Grep`), and network requests (`web_search`, `read_web_page`).
  - Sanitization: There are no instructions provided to sanitize or validate the content retrieved from the web or local files before it is processed by the agent's logic.
Audit Metadata