find-links
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-provided markdown files.
- Ingestion points: The skill reads target markdown files in 'Phase 1: Scan and Identify' to find link placeholders.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the content of the files as untrusted or to ignore embedded instructions.
- Capability inventory: The agent has access to the WebSearch tool (network access) and the Edit tool (file modification).
- Sanitization: The skill lacks sanitization or validation of the content extracted from the file before using it to inform agent actions.
- [DATA_EXFILTRATION]: The skill extracts contextual information (sentences or paragraphs) surrounding placeholders and sends it to external search engines via the WebSearch tool. While intended to improve search relevance, this can inadvertently expose sensitive information residing in the user's files to third-party search providers.
Audit Metadata