analyze-value
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external, untrusted content from web URLs and local PDF files and feeding it directly into the context of multiple sub-agents.
  - Ingestion points: External content is ingested in Phase 0 via `WebFetch` (for URLs) and `Read` (for local PDF paths).
  - Boundary markers: While the skill provides high-level constraints to sub-agents (e.g., 'paper content is the core fact source'), it does not use explicit boundary delimiters or 'ignore embedded instructions' warnings when interpolating the `{paper_content}` variable into the sub-agent prompts.
  - Capability inventory: The sub-agents possess the capability to perform further network operations via `WebSearch` and `WebFetch`, while the main agent can execute `Write` operations to the local filesystem to save reports.
  - Sanitization: There is no evidence of content sanitization or instruction-filtering for the ingested paper data before it is processed by the LLM sub-agents.
Audit Metadata