research-subagent
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements a web research workflow that ingests untrusted data from external websites using
web_fetchandmcp__playwright__snapshot. This constitutes an indirect prompt injection surface. - Ingestion points: Web content fetched from external URLs via search and browser tools as described in
SKILL.md. - Boundary markers: Absent; the instructions do not specify the use of delimiters or explicit 'ignore' instructions for the fetched content.
- Capability inventory: The agent has the ability to perform further searches and navigate to new URLs based on the content it analyzes.
- Sanitization: No sanitization or validation of the retrieved web content is mentioned.
- Note: This behavior is consistent with the primary purpose of a research agent, and no active malicious instructions were found.
Audit Metadata