researcher-hand-skill
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the shell_exec tool to run a Python command for operating system identification during its setup phase.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing content from the web.
  1. Ingestion points: The web_fetch tool is used in Phase 3 to ingest data from arbitrary URLs.
  2. Boundary markers: No delimiters are used to separate external data from system instructions.
  3. Capability inventory: The agent has access to shell_exec, file_write, and web_fetch.
  4. Sanitization: The instructions do not define a process for sanitizing fetched content to prevent it from influencing agent logic.