find-data

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from untrusted external websites during the dataset verification phase.
    • Ingestion points: The agent is instructed to use web_fetch in Phase 3 to visit dataset landing pages and confirm availability.
    • Boundary markers: There are no instructions to use delimiters or ignore instructions found within the fetched external content.
    • Capability inventory: The agent can perform network requests and generate Python scraping scripts.
    • Sanitization: No sanitization or validation of external content is required before processing.
  • [DATA_EXFILTRATION]: The skill conducts network operations to a wide variety of non-whitelisted domains, especially when searching for "Creative and non-traditional sources" (Phase 1, Category F) and "non-traditional datasets" (Important Guidance).
  • [COMMAND_EXECUTION]: The skill instructs the agent to generate and use Python scripts for web scraping (using requests, BeautifulSoup, or Selenium) and for inspecting data contents, which involves local code generation and potential execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 12:30 PM