crewai
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill promotes the use of tools like SerperDevTool and WebsiteSearchTool to perform network requests and fetch external data.
- [COMMAND_EXECUTION]: The instructions provide examples for custom tool creation, such as a database query tool, which allows an agent to execute logic based on its own input.
- [DATA_EXFILTRATION]: The skill references FileReadTool and DirectoryReadTool, which enable the agent team to access and read content from the local file system.
- [PROMPT_INJECTION]: The multi-agent workflow involves agents reading untrusted data from external websites, creating a surface for indirect prompt injection.
- Ingestion points: SerperDevTool and WebsiteSearchTool in SKILL.md
- Boundary markers: Absent in the provided instructions
- Capability inventory: File system access (FileReadTool), network access, and custom tool execution in SKILL.md
- Sanitization: Absent in the provided instructions
Audit Metadata