x-collect
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it is designed to ingest and process large amounts of untrusted data from the web.\n
- Ingestion points: The workflow relies on four rounds of web searches via the
WebSearchtool, pulling content from various external sources (official docs, GitHub, reviews, etc.) into the agent's context.\n - Boundary markers: Absent; the skill lacks explicit instructions or delimiters to distinguish between its internal logic and the untrusted data fetched from the internet.\n
- Capability inventory: The skill possesses the capability to synthesize reports and perform file-write operations ("Save to temp file"), which could be exploited if malicious content is processed.\n
- Sanitization: Absent; there is no mention of filtering, escaping, or validating the search result content before it is incorporated into the final material document.
Audit Metadata