
search-first

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion and processing of data from untrusted external sources, such as npm, PyPI, GitHub, and the general web, via a subagent. This creates an indirect prompt injection surface where malicious instructions embedded in package documentation or search results could potentially influence the agent's decision-making process.
  • Ingestion points: External search results, library documentation, and package metadata from npm, PyPI, GitHub, and various web sources (SKILL.md).
  • Boundary markers: Absent; the template for the research subagent does not include specific delimiters or instructions to ignore instructions found within the retrieved data.
  • Capability inventory: The workflow includes package installation and execution of discovered tools (SKILL.md).
  • Sanitization: Absent; there is no mention of validating or filtering content from external sources before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill workflow concludes with the installation and use of third-party dependencies. Although the examples provided—such as 'httpx', 'zod', and 'eslint'—are well-known and industry-standard libraries, the general research instruction relies on the agent to verify the safety and integrity of any arbitrary packages discovered at runtime.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 11:23 AM