Indices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill enables the agent to fetch and process data from arbitrary external websites, which presents a surface for indirect prompt injection.
- Ingestion points: Data from external websites is ingested via the mcp__indices-mcp__retrieveRun tool.
- Boundary markers: The instructions do not provide specific boundary markers or 'ignore' instructions for the data returned from websites.
- Capability inventory: The skill allows creating, executing, and deleting web-based tasks and starting browser sessions.
- Sanitization: No specific sanitization methods for the ingested web content are described in the documentation.
- Best Practice Violation (SAFE): The documentation contains contradictory advice regarding the is_fully_autonomous parameter, first instructing the agent to 'Always use false!' and later suggesting it should 'Prefer autonomous tasks' and set it to true. This is a functional inconsistency rather than a security threat.
Audit Metadata