post-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for Indirect Prompt Injection (Category 8) because its primary workflow involves ingesting and acting upon untrusted data from the internet.
  - Ingestion points: In Step 1b ('Hotspot Scanning & Research'), the skill extracts keywords from user input and uses them to perform web searches. The resulting content from external websites is then processed to build 'research conclusions'.
  - Boundary markers: There are no boundary markers (like XML tags or delimiters) or specific instructions provided to the agent to ignore or isolate potential commands embedded within the retrieved search data.
  - Capability inventory: The skill utilizes a 'search tool' to fetch data. The generated output is then presented to the user, creating a chain where malicious instructions from a third-party website could influence the final generated content or the agent's behavior.
  - Sanitization: The instructions do not include any steps for sanitizing, validating, or filtering the content found during the research phase before it is interpolated into the agent's reasoning process.
Audit Metadata