Lead Research
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes untrusted content from the web during its 'Deep Dive' phase.
- Ingestion points: Data enters the agent context from the web via URL fetching and extraction as described in SKILL.md (Phase 2).
- Boundary markers: The skill lacks instructions for using delimiters or 'ignore embedded instructions' warnings when handling retrieved data.
- Capability inventory: The skill uses the web_search capability to gather intelligence from external sites.
- Sanitization: No sanitization or validation of the fetched external content is performed before interpolation into the agent's reasoning process.
Audit Metadata