research-methodology
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection due to its data ingestion capabilities.
  - Ingestion points: WebSearch and WebFetch tools allow the agent to ingest untrusted data from the internet.
  - Boundary markers: Absent. The instructions do not define delimiters or specific warnings to ignore instructions embedded in fetched content.
  - Capability inventory: WebSearch, WebFetch, Read, Grep, and Glob tools provide significant read access to web and local environments.
  - Sanitization: Absent. There is no logic provided to sanitize or validate external content before processing.
- Prompt Injection (SAFE): No direct attempts to override safety filters, extract system prompts, or assume unrestricted personas were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths (e.g., .ssh, .aws), or exfiltration commands were detected.
- Unverifiable Dependencies (SAFE): The skill does not install external packages or execute remote scripts.
Audit Metadata