uncertainty-verification
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill establishes a workflow that ingests untrusted data from external websites via
mcp_fetch_fetchandfetch_webpagetools (evidence in SKILL.md). This creates a vector for malicious instructions embedded in external content to influence the agent's behavior. Ingestion points: External documentation and web pages. Boundary markers: Absent; the skill does not define delimiters or ignore-instructions for the fetched content. Capability inventory: The fetched data influences the agent's logic and response content, and the agent has network access. Sanitization: Absent; no validation or filtering is performed on the ingested content. - [Data Exposure & Exfiltration] (LOW): The skill performs network operations to access external, non-whitelisted domains to retrieve documentation.
Audit Metadata