paw-ps-research
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected. The skill's primary function involves crawling and analyzing data from external websites, which could contain malicious instructions.
- Ingestion points: The agent retrieves data from competitor websites, reviews (G2, Capterra), and social media (Reddit, Twitter, LinkedIn) using the Exa search and crawling tools.
- Boundary markers: The skill's instructions do not include the use of delimiters or 'ignore' commands to separate untrusted web content from the agent's core instructions during synthesis.
- Capability inventory: The agent has the ability to write to the project's local file system (within the .pawbytes/ directory) and use retrieved data to inform further automated research steps.
- Sanitization: There is no documentation of sanitization or validation processes to filter malicious content from the external data before it is processed by the LLM.
Audit Metadata