prospect
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from the internet to drive its analysis and decision-making processes.
- Ingestion points: External research data is fetched using WebSearch and WebFetch in Phase 2.1 and then passed as context to sub-agent prompts during the intelligence brief phase.
- Boundary markers: The instructions do not define clear delimiters (like XML tags or markdown blocks) or include explicit system warnings to the model to ignore instructions contained within the fetched research data.
- Capability inventory: The skill environment possesses broad capabilities, including the Bash tool for shell operations and file system tools (Write, Edit, Glob, Grep) which could be targeted by a successful injection.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from external sources before it is interpolated into agent prompts.
Audit Metadata