search
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection via the `WebFetch` tool.
  - Ingestion points: Untrusted data enters the agent context through the `WebFetch(url=result.url, ...)` call in `SKILL.md`.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the fetched content shown in the documentation.
  - Capability inventory: The skill performs network read operations (`WebSearch`, `WebFetch`) and text synthesis. It does not demonstrate file-write, command execution, or system modification capabilities.
  - Sanitization: No sanitization or filtering of external content is mentioned before it is passed to the agent for synthesis.