search
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes data from external, untrusted sources such as web search results and public code repositories.
- Ingestion points: Data enters the agent's context through Tavily and Exa search results, GitHub Grep code patterns, and raw file content fetched from GitHub via
webfetch. - Boundary markers: The skill employs structured subagent prompts (Librarian role) with explicit headers like 'LEVEL', 'FOCUS', and 'FORMAT' to organize research tasks and separate metadata from retrieved content.
- Capability inventory: The skill has access to tools for repository structure exploration (
gh api), raw file content retrieval (webfetch), and visual content analysis via Z.AI Vision tools. - Sanitization: The instructions direct the agent to 'synthesize' and 'cross-validate' findings across multiple independent sources to verify information, though technical sanitization of the fetched data itself is not explicitly defined.
Audit Metadata