skills/smithery/ai/web-research/Gen Agent Trust Hub

web-research

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted web content which could contain malicious instructions designed to influence the agent or subagents.
      • Ingestion points: Web content is retrieved via web_search and fetch_url tools, then saved to local files (e.g., findings_[subtopic].md) in SKILL.md.
      • Boundary markers: The instructions do not provide any delimiters or warnings to ignore embedded instructions within the fetched data.
      • Capability inventory: The skill uses write_file, read_file, list_files, and task (subagent spawning) which could be misused if an injection is successful.
      • Sanitization: No sanitization or validation of the fetched web content is performed before the agent reads and synthesizes the findings.
  • [Command Execution] (SAFE): The skill instructs the agent to use mkdir to organize research folders. This is a standard file system operation consistent with the skill's stated purpose of organization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:10 PM