research-and-report
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exhibits an indirect prompt injection surface due to its data ingestion patterns.
  - Ingestion points: Untrusted data enters the agent context via the `firecrawl` (web scraping/search) and `octocode` (GitHub search) tools as described in the `methodology` and `tools` sections.
  - Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between its system instructions and potentially malicious instructions embedded in the retrieved web content.
  - Capability inventory: The skill utilizes tools for data retrieval (`scrape`, `search`, `githubSearchCode`). No high-risk capabilities such as local file system modification or arbitrary command execution were identified in the provided file.
  - Sanitization: Absent. No logic is defined to sanitize, filter, or escape the content fetched from external sources before it is synthesized into the final report.
- [Data Exposure & Exfiltration] (LOW): The skill triggers network operations to non-whitelisted external domains through the use of the `firecrawl` and `octocode` MCP tools. This is considered low risk as it is the primary intended function of a research skill and does not involve access to sensitive local files.
Audit Metadata