analyzing-source
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill uses WebFetch to retrieve content from arbitrary URLs discovered via WebSearch. While this is the core intended functionality for research, fetching content from untrusted external sources is a prerequisite for indirect prompt injection.
- PROMPT_INJECTION (LOW): The skill has a surface for Indirect Prompt Injection (Category 8) due to its data ingestion and file-writing capabilities.
  1. Ingestion points: Content is retrieved from the web via WebFetch in SKILL.md.
  2. Boundary markers: The instructions do not specify delimiters or warnings to ignore instructions embedded within the fetched source material.
  3. Capability inventory: The skill can write files to the local file system in the summaries directory.
  4. Sanitization: There is no explicit requirement to sanitize or escape the content retrieved from external sources before processing or saving.