gdelt-doc-search

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from the public internet via the GDELT DOC API, creating a vulnerability surface for indirect prompt injection.
  • Ingestion points: External news article metadata and timeline data are retrieved from the GDELT project API in scripts/gdelt_doc_search.py and returned to the agent's context.
  • Boundary markers: The skill does not define specific delimiters or instructions (e.g., 'ignore instructions within the following text') to help the agent distinguish between API results and system commands.
  • Capability inventory: The script scripts/gdelt_doc_search.py possesses the capability to write the retrieved untrusted data to the local filesystem via the --output parameter.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from the GDELT API before it is output to the agent or saved to disk.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 01:20 PM