plan-eu-relocation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting untrusted data from external websites.
  - Ingestion points: The skill uses WebFetch and WebSearch to retrieve procedures from external domains (e.g., bmi.bund.de, oesterreich.gv.at, ch.ch) in Steps 2, 4, and 5.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat fetched web content as data only or to ignore embedded instructions within that content.
  - Capability inventory: The skill is restricted to information retrieval tools (Read, Grep, Glob, WebFetch, WebSearch). It does not have access to subprocess execution, file-writing, or network POST operations.
  - Sanitization: The skill does not implement sanitization or validation of the content retrieved from external sources before it is processed by the agent.
Audit Metadata