Research
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is fundamentally designed to retrieve and process untrusted data from the internet.
  - Ingestion points: Data is fetched from arbitrary URLs, search results, and YouTube transcripts via `WebFetch`, `fabric`, and specialized scraping MCPs in `Workflows/Retrieve.md` and `Workflows/YoutubeExtraction.md`.
  - Boundary markers: The workflows lack explicit instructions or delimiters in their prompts to ensure that the agent ignores any instructions embedded within the retrieved content.
  - Capability inventory: Researcher agents (`GeminiResearcher`, `DeepResearcher`) used for synthesis have the capability to influence local filesystem writes in the history directory and subsequent logic flows.
  - Sanitization: There is no evidence of content sanitization or filtering before the ingested data is passed to the LLM for analysis.
- [COMMAND_EXECUTION]: The skill performs various command-line operations for its core functionality.
  - Evidence: `SKILL.md` uses `curl` to send JSON payloads to a local notification service at `localhost:8888`.
  - Evidence: `Workflows/Fabric.md` and `Workflows/YoutubeExtraction.md` execute the `fabric` CLI for content analysis and transcription tasks.
  - Evidence: `Workflows/ExtensiveResearch.md` and `UrlVerificationProtocol.md` use `curl` to perform HTTP status checks on external URLs during mandatory link verification.
- [EXTERNAL_DOWNLOADS]: The skill programmatically downloads external dependencies to maintain its toolset.
  - Evidence: `Workflows/Fabric.md` executes a `git clone` command to download the `fabric-project/fabric` repository from GitHub if the directory is missing, ensuring the latest patterns are available for the agent.
Audit Metadata