search-first
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists exclusively of markdown documentation and instructional guidelines. There are no executable scripts, binaries, or automated code blocks included in the repository.
- [PROMPT_INJECTION]: The workflow encourages the agent to search for and evaluate content from external, untrusted sources such as public package registries (npm, PyPI) and GitHub. This represents a surface for indirect prompt injection.
- Ingestion points: Search results and metadata from external registries and code repositories (SKILL.md).
- Boundary markers: No specific boundary markers or instructions to disregard embedded commands are defined in the workflow.
- Capability inventory: The workflow facilitates actions such as package installation (npm/pip) and code implementation based on the retrieved data.
- Sanitization: No sanitization or validation of the external content is described in the research process.
Audit Metadata