researcher
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface. Ingestion of untrusted external content can lead to command hijacking if processed data contains hidden instructions.
  - Ingestion points: The skill fetches external data from various domains and research databases via the `WebFetch` and `WebSearch` tools.
  - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions embedded within the research papers or web pages being synthesized.
  - Capability inventory: The agent has the ability to spawn sub-agents (the `li` tool), read local files, and perform further network operations.
  - Sanitization: Absent. There is no evidence of filtering or escaping content from external sources before synthesis.
- [DATA_EXFILTRATION]: Information disclosure via absolute file paths. The skill explicitly references local workstation paths, which reveals the host user account name and directory organization to the model context.
  - Evidence: Use of the absolute path `C:/Users/AGasser/OneDrive/5 ANE CLAUDE work folder/mel_wiki/wiki/`. While this aligns with the author's identity ('gasserane'), it exposes internal file system metadata.
- [EXTERNAL_DOWNLOADS]: Automated retrieval of external research materials. This behavior is documented as safe when targeting well-known services.
  - Evidence: Fetches articles and bibliographic data from trusted institutional and medical repositories including `pubmed.ncbi.nlm.nih.gov`, `who.int`, and `unfpa.org`.
Audit Metadata