privacy-policy
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to visit a user-provided URL ($PRODUCT_URL) and extract information about data collection and third-party integrations.
- Ingestion points: Step 1 in SKILL.md directs the agent to research external content from the provided $PRODUCT_URL.
- Boundary markers: The instructions do not specify any delimiters or safety warnings to distinguish between website content and system instructions.
- Capability inventory: The skill is primarily focused on text generation and does not include scripts with subprocess calls, file writes, or network operations outside of the agent's native browsing capability.
- Sanitization: There is no mention of sanitizing or filtering the content retrieved from the external URL before it is processed by the LLM.
Audit Metadata