research
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to fetch and process external content, which is a significant vector for indirect prompt injection where a malicious website could attempt to influence the agent's behavior.
  - Ingestion points: Untrusted data enters the context through 'WebSearch' results and 'WebFetch' content (as specified in SKILL.md).
  - Boundary markers: Absent; there are no specific instructions to treat external data within delimiters or as untrusted literals.
  - Capability inventory: Tools allowed include 'Read', 'Grep', 'Glob', 'WebSearch', and 'WebFetch'.
  - Sanitization: No automated sanitization of fetched HTML or text is described; the skill relies on the agent's logic to verify findings across multiple sources.
- [Data Exposure & Exfiltration] (SAFE): Tool usage is consistent with the primary research purpose. There is no evidence of unauthorized access to sensitive local environment variables or private configuration files.