skills/jssfy/k-skills/field-survey/Gen Agent Trust Hub

field-survey

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses WebSearch and WebFetch tools to retrieve academic information, book lists, and curriculum details from educational and scholarly websites. No execution of remote scripts or download of unverified binaries was detected.
  • [COMMAND_EXECUTION]: The Bash tool is utilized to create directory structures based on researched academic branches. The commands are limited to standard file system organization tasks (mkdir) necessary for the skill's primary function.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data from the web to generate local files and folder names.
      • Ingestion points: Research results from Phase 1 and Phase 2 entering the agent context via WebSearch and WebFetch.
      • Boundary markers: Absent; the sub-agent prompts do not include explicit delimiters or instructions to ignore embedded commands in the fetched web content.
      • Capability inventory: The main agent possesses Bash (directory creation) and Write (markdown file generation) capabilities.
      • Sanitization: There is no explicit sanitization of strings retrieved from the web before they are interpolated into Bash commands or Write operations.
  • [SAFE]: No hardcoded credentials, obfuscation techniques, or persistence mechanisms were found in the skill code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 07:57 AM