research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill possesses an indirect prompt injection surface because its primary purpose is to retrieve and process content from external websites.
- Ingestion points: External data enters the agent context through the
web_searchandweb_fetchtools. - Boundary markers: Absent; there are no instructions provided to the agent to treat fetched content as untrusted or to use specific delimiters.
- Capability inventory: Capabilities are restricted to web browsing and managing internal memory via the
recallandremembertools. - Sanitization: No logic is present to sanitize, validate, or filter the content retrieved from the web before it is stored or processed.
Audit Metadata