Skills
skills/jeo-tech-ai/oh-my-gods/survey/Gen Agent Trust Hub

survey

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It uses the WebFetch tool to ingest untrusted data from various external sources across four research lanes (Context, Solutions, Actual Behavior, and Alternatives). This data is then synthesized and written to the local filesystem using the Write tool. There are no safeguards described to prevent instructions embedded in the fetched content from being interpreted or executed by the agent.
  • Ingestion points: External web content retrieved via the WebFetch tool during Step 1 of the workflow.
  • Boundary markers: Absent; the skill lacks instructions to wrap external data in delimiters or to use specific prompts to ignore embedded instructions.
  • Capability inventory: The skill is authorized to use the Write and Bash tools (specified in SKILL.md), which provide a significant capability set if the agent is influenced by malicious input.
  • Sanitization: No sanitization, validation, or filtering of the retrieved web data is implemented before it is processed and written to the disk.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 06:59 AM