icp-website-review
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection during its website evaluation process. It uses the WebFetch tool to ingest content from arbitrary external websites (Step 2), which is then directly incorporated into the analysis prompts for each persona (Step 3). The absence of explicit boundary markers (like XML tags or clear delimiters) and the lack of sanitization logic for the fetched text mean a malicious website could include hidden instructions designed to influence the agent's verdict or manipulate its operations.
- [NO_CODE]: The skill consists entirely of markdown instructions and metadata, containing no executable scripts, binaries, or complex automation logic, which inherently limits the risk of direct command injection or remote code execution via file-based payloads.
Audit Metadata