research-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection as it retrieves and processes untrusted data from external web searches and stored vector data. 1. Ingestion points: External data enters the agent context through WebSearch results and retrieval via the qdrant-find tool. 2. Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' instructions for external content. 3. Capability inventory: The skill has the ability to read from the network via WebSearch and write to a persistent store via qdrant-store. 4. Sanitization: Absent; there is no mention of validating or escaping external content before it is synthesized or stored.
Audit Metadata