fact-checker

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to the way it processes untrusted Markdown content.
      • Ingestion points: The scripts/fact_checker.py script reads the entire content of a user-provided Markdown file via the file_path argument.
      • Boundary markers: Absent. The prompts SPLIT_PROMPT, CONTEXT_PROMPT, and VERIFY_PROMPT interpolate user-supplied text directly into the instruction blocks using Python string formatting. There are no clear delimiters (e.g., XML tags or unique tokens) or 'ignore' instructions used to separate the document content from the agent's system instructions.
      • Capability inventory: The skill has the capability to perform network operations (Google Search via the google-genai library) and write files to the local filesystem (IncrementalWriter class). An attacker could craft a document that tricks the agent into misreporting facts or exfiltrating data via the search tool.
      • Sanitization: Absent. The script performs no filtering, escaping, or validation of the input Markdown text before passing it to the LLM.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 05:32 AM