library-research
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches content from external, untrusted sources which creates an attack surface for indirect prompt injection. \n
- Ingestion points: Data enters the agent context through the webfetch and context7_get_library_docs tools as described in the Tools & Integration section of SKILL.md. \n
- Boundary markers: Absent. The skill instructions do not include delimiters or specific commands for the agent to ignore instructions embedded within the retrieved documentation. \n
- Capability inventory: The skill uses tools for resolving IDs and fetching data. It does not appear to have file-write or shell-execution capabilities defined within this skill file. \n
- Sanitization: No sanitization or filtering of the fetched content is described before it is presented to the model or user.\n- [External Downloads] (LOW): The use of the webfetch tool to retrieve external documentation involves connecting to non-whitelisted third-party domains. While consistent with the skill's primary purpose, it constitutes an external data dependency.
Audit Metadata