peer-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted external manuscripts, creating a surface for indirect prompt injection.
  - Ingestion points: Employs `Read` for local file access and `WebFetch` for remote content retrieval.
  - Boundary markers: Absent. The protocol does not define delimiters or specific instructions to ignore embedded commands within processed manuscripts.
  - Capability inventory: Includes `WebSearch`, `WebFetch`, `Read`, `Grep`, and `Glob`, enabling both file system interaction and outbound network communication.
  - Sanitization: Absent. There is no evidence of input validation or content sanitization before the data is processed by the agent.
- Data Exposure & Exfiltration (LOW): The toolset includes `WebSearch` and `WebFetch`, which communicate with external domains. While these are used for research and verification, they constitute an outbound network channel to non-whitelisted domains. No sensitive file access or credential exposure was detected.
Audit Metadata