cve-research
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Queries vulnerability information from well-known and trusted services. Evidence: Communicates with NIST (NVD API), Google (OSV.dev API), and GitHub (Advisory Database API) for data retrieval.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through processing external vulnerability descriptions.
  1. Ingestion points: Results from OSV.dev, NVD, and GitHub Advisory Database APIs as defined in references/cve-apis.md.
  2. Boundary markers: Absent. The query templates in references/templates/cve-query.md do not include specific delimiters to prevent the agent from obeying instructions embedded within vulnerability summaries.
  3. Capability inventory: The skill is limited to information retrieval and reporting; no file-writing, command execution, or network exfiltration capabilities were found in the provided files.
  4. Sanitization: Absent. The skill does not implement filtering or sanitization of the external content before it is presented to the agent.