research-analyst
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and synthesize untrusted data from external websites via WebSearch and WebFetch. This creates a vulnerability where malicious hidden instructions in web content could subvert the agent's reasoning or instructions. Mandatory Evidence:
  1. Ingestion points: WebFetch and WebSearch in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Read, Grep, Glob (filesystem read), WebFetch, WebSearch (network read).
  4. Sanitization: Absent.
- [Data Exposure] (LOW): The inclusion of Read, Grep, and Glob tools allows the agent to access the local file system. While these are standard tools for research, this capability increases the impact of a potential indirect prompt injection, as an attacker could attempt to trick the agent into disclosing the contents of local files found through these tools.