book-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external websites without sanitization or explicit boundary markers.
- Ingestion points: Data enters the system via WebFetch calls to Douban and Dangdang in Phase 0, and through various WebSearch and WebFetch operations performed by the six subagents in Phase 1.
- Boundary markers: The prompts provided to the subagents do not utilize delimiters or provide instructions to ignore potential commands embedded within the retrieved web content.
- Capability inventory: The skill has the ability to perform network requests (search and fetch) and write synthesized reports to the local file system.
- Sanitization: There is no evidence of content validation or filtering to ensure that scraped data does not contain malicious instructions that could manipulate the synthesis logic.