research
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill uses
requests,beautifulsoup4, andfeedparserto download and parse content from external web sources and APIs. While typical for a research tool, this creates a network footprint. - [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to the ingestion of untrusted external data.
- Ingestion points: Functions like
fetch_url,extract_page_content,fetch_feed, andsearch_nvd(documented inreferences/REFERENCE.md) ingest content directly from the internet. - Boundary markers: Absent. There are no specified delimiters or system instructions designed to prevent the agent from obeying commands found within the retrieved content.
- Capability inventory: The skill possesses network access (
requests) and produces research findings that directly influence the agent's context and decision-making viagenerate_report. - Sanitization: Absent. The documentation does not indicate any filtering, sanitization, or safety-checking of the content retrieved from external URLs or RSS feeds.
Audit Metadata