ctf-osint
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to fetch and process data from untrusted external sources such as social media posts, web pages, and DNS records. An attacker could embed malicious commands within these sources to manipulate the agent's behavior.
- Ingestion points: Data ingestion occurs via WebFetch and curl across SKILL.md, social-media.md, and web-and-dns.md.
- Boundary markers: There are no markers or instructions to isolate or ignore instructions within the ingested data.
- Capability inventory: The skill provides access to Bash, Write, and Edit tools, which could be exploited if an injection occurs.
- Sanitization: No sanitization or validation of external content is specified.
Audit Metadata