bbb-estatisticas
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The agent is instructed to process content from Wikipedia and the broader web to answer user queries. \n
- Ingestion points: External data enters the agent's context through local scraping scripts (
scripts/bbb-geral.py,scripts/bbb-historico.py,scripts/bbb-participantes.py) and thesearch_webtool results. \n - Boundary markers: The skill lacks explicit instructions or markers to delimit external content from system instructions, which could allow maliciously crafted external data to influence agent behavior. \n
- Capability inventory: The skill has access to network operations (via scraping scripts) and a web search tool. \n
- Sanitization: There is no evidence of sanitization or filtering applied to the retrieved text before it is presented to the LLM. \n- [EXTERNAL_DOWNLOADS]: The Python scripts in the
scripts/directory perform HTTP GET requests topt.wikipedia.orgto retrieve information. This is a well-known and trusted source for general information.
Audit Metadata