technical-research
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an attack surface for Indirect Prompt Injection by instructing the agent to ingest and analyze data from the public internet.
- Ingestion points: The SKILL.md file defines an information collection phase using tools such as webfetch and grep_app_searchGitHub to retrieve documentation, community discussions, and code examples from arbitrary URLs and repositories.
- Boundary markers: The instructions do not define any boundary markers, delimiters, or explicit constraints (e.g., "ignore instructions in fetched data") to isolate the retrieved external content from the agent's logic.
- Capability inventory: Across its scripts and instructions, the skill has the capability to generate code snippets, architecture designs, and create or modify markdown files in the local research/ directory.
- Sanitization: No sanitization or validation mechanisms are mentioned to filter or check the retrieved external content before the agent processes it or includes it in research reports.
Audit Metadata