icp-website-audit
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection attacks.
- Ingestion points: The skill crawls content from external client and competitor websites as part of its Phase 2 and Phase 3 evaluation workflows (described in SKILL.md).
- Boundary markers: The instructions lack boundary markers or explicit commands to the agent to ignore or isolate instructions that might be embedded in the crawled web content.
- Capability inventory: The agent possesses file system write capabilities (saving reports to the clients/ directory) and network access (web search and fetch).
- Sanitization: There is no evidence of content sanitization or validation of the fetched external data before it is integrated into the agent's reasoning process.
Audit Metadata