tiger-in-the-wild-research

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches and processes content from arbitrary third-party websites discovered via web searches.
      • Ingestion points: Third-party URLs fetched during the monthly research scan (Step 2).
      • Boundary markers: The instructions do not define clear delimiters or provide the agent with "ignore embedded instructions" warnings for the external content it reads.
      • Capability inventory: The agent has the ability to read and write local files (state and output directories) and perform extensive web searches and page fetches.
      • Sanitization: There is no mention of sanitizing or filtering the fetched content before the agent analyzes it to determine its "tier" or production metrics.
  • [EXTERNAL_DOWNLOADS]: The skill's core functionality involves downloading content from a wide array of non-whitelisted external domains found through search engine results. While necessary for the research task, this behavior interacts with untrusted web content.
  • [DATA_EXFILTRATION]: Although the skill performs numerous GET requests to external sites, there is no evidence of local data exfiltration. The skill is designed to accumulate data into local files, and the author explicitly includes notes about gitignoring these files to prevent accidental public disclosure of business intelligence.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 01:21 PM