tech-search
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from arbitrary external websites via WebFetch.
  - Ingestion points: Data enters the agent context via WebFetch in Phase 3 of the workflow and through the extraction instructions in prompts/page-extract.md.
  - Boundary markers: The skill relies on instructional prompts for formatting but lacks explicit delimiters (such as XML tags or security markers) to isolate external content from internal instructions.
  - Capability inventory: The agent can write to the local filesystem (restricted to the docs/research/ directory) and invoke sub-agents via the Task tool.
  - Sanitization: There is no evidence of content filtering or sanitization performed on the raw data retrieved from web pages before it is processed by the LLM.
- [EXTERNAL_DOWNLOADS]: The skill performs automated network operations to retrieve content from search engines and arbitrary URLs.
  - Evidence: The workflow uses WebSearch, WebFetch, and specialized MCP tools (Exa, Context7) to interact with external web resources.