domain-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill has a significant indirect prompt injection surface due to its core functionality of scraping and searching the web.
  - Ingestion points: Untrusted data enters the agent context through `mcp__perplexity__search`, `mcp__context7__query-docs`, and `mcp__firecrawl__firecrawl_scrape` (found in SKILL.md).
  - Boundary markers: The instructions lack explicit delimiters or safety warnings to ignore instructions embedded within the research results.
  - Capability inventory: The skill is granted `Write` permissions to the file system and access to several external tool APIs.
  - Sanitization: There is no mention of sanitizing or validating external content before it is used to derive requirements.
- Data Exposure Surface (SAFE): While the skill uses external network tools (Perplexity, Context7, Firecrawl) and has file system access (`Read`, `Glob`, `Grep`), these are consistent with its primary purpose of research and no malicious data exfiltration patterns were detected.