fact-checker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted content from documents to identify factual claims without implementing strict boundary markers.
- Ingestion points: The agent scans user-provided documents (SKILL.md, Step 1) to identify claims for verification.
- Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within the document content being analyzed.
- Capability inventory: The skill utilizes an Edit tool for file modification and web search for verification.
- Sanitization: Absent; the skill does not explicitly sanitize or validate extracted claims before processing them for search or modification.
- [Data Exposure & Exfiltration] (LOW): Information extracted from documents is used to generate web search queries to external search engines.
- Evidence: If a document contains sensitive internal information that is incorrectly identified as a verifiable claim, that information would be transmitted to external search providers. This is a functional risk rather than a malicious exfiltration attempt.
Audit Metadata