topic-research
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill's core functionality involves ingesting untrusted data from the web and processing it to generate a local file.
- Ingestion points: Step 2 of SKILL.md requires the agent to search for trends, industry reports, and trending conversations on the web. This content is attacker-controllable.
- Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the research material.
- Capability inventory: The skill possesses web browsing capabilities and the ability to write files to the local filesystem (Step 4: Save the File).
- Sanitization: Absent. There is no requirement to sanitize or validate the content retrieved from the web before including it in the output file.
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations to browse the web. While required for research, it involves interacting with non-whitelisted external domains, which is a prerequisite for exfiltration.
- [COMMAND_EXECUTION] (LOW): The skill automates the writing of a .md file to the local filesystem. If the research results contain malicious payloads (e.g., terminal escape sequences or malicious markdown), opening the resulting file could pose a minor risk to the user environment.