content-researcher
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its interaction with untrusted web content.
- Ingestion points: Web page content is retrieved and processed by subagents during the source extraction phase (references/guide-reader.md) and the question research phase (references/question-researcher.md).
- Boundary markers: The subagent prompts lack explicit instructions or delimiters to isolate the agent from potentially malicious commands embedded in the retrieved source material.
- Capability inventory: The skill utilizes web browsing and search capabilities to collect data and has the ability to write extracted knowledge to local markdown files (knowledge-base.md and under-discussed.md).
- Sanitization: No sanitization, validation, or filtering mechanisms are implemented to process the external content before it is processed by the subagents.
Audit Metadata