web-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web and stores it in a persistent knowledge base.
- Ingestion points: Web search results retrieved via
WebSearchand existing knowledge retrieved viaqdrant-find(SKILL.md). - Boundary markers: Absent. The workflow does not define specific delimiters or instructions to ignore embedded commands within the harvested web content.
- Capability inventory: The skill uses
qdrant-find,WebSearch, andqdrant-store. It does not contain capabilities for arbitrary command execution (eval/exec) or sensitive file system access. - Sanitization: Absent. There is no evidence of content filtering or sanitization of the data before it is stored or processed.
Audit Metadata