topic-research

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from various external sources.
    • Ingestion points: According to references/keyword-expansion.md, the skill reads content from user-provided URLs, local file paths, code files, and community discussions.
    • Boundary markers: Absent. There are no specific delimiters or instructions for the agent to ignore potentially malicious commands embedded in the processed content.
    • Capability inventory: The skill uses the expand_keywords and cluster_keywords tools, which likely interact with the vendor's backend services.
    • Sanitization: The instructions require the agent to convert content into a "markdown topic," which provides a transformation layer but does not include formal sanitization or escaping of input.
  • [DATA_EXFILTRATION]: The skill instructions in references/keyword-expansion.md explicitly direct the agent to read local files and URLs provided by the user. While this is part of the intended keyword research functionality, it creates a path where sensitive local data or external content is retrieved and subsequently passed to the expand_keywords tool, which typically involves network transmission to the vendor's API.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 03:21 AM