proactive-intelligence
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill implements an autonomous search and ingestion pipeline that is vulnerable to indirect prompt injection by design.
- Ingestion points: Untrusted external data enters the agent's context through the
search_tool.executemethod inSKILL.md, which retrieves snippets from web search results. - Boundary markers: The skill wraps gathered results in
<proactive_research>tags; while these provide a structural boundary, they do not prevent an agent from obeying adversarial instructions contained within the snippets. - Capability inventory: The agent is instructed to analyze campaign data and provide recommendations based on this injected context, allowing external content to potentially direct the agent's logic or conclusions.
- Sanitization: The implementation shows no evidence of sanitization, keyword filtering, or content validation for the search results before they are formatted into the knowledge block.
- [EXTERNAL_DOWNLOADS]: The skill autonomously initiates network requests to perform web searches without requiring user confirmation for each action.
- Evidence: The
ProactiveSearchAgentclass inSKILL.mddefines logic that automatically triggers and executes searches based on metric anomalies or data staleness.
Audit Metadata