learn
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by instructing the agent to gather and process primary sources from external URLs.
- Ingestion points: Phase 1 (Collect) involves downloading and converting external URLs to Markdown, specifically encouraging the use of automated tools to fetch remote content.
- Boundary markers: Absent; the instructions do not include specific delimiters or guidelines to ignore potential instructions embedded within the retrieved research materials.
- Capability inventory: The agent is granted access to powerful tools including Bash, WebSearch, Write, and Edit, which could be misused if malicious instructions in the ingested content were to be executed by the agent.
- Sanitization: Absent; the workflow does not specify any validation, filtering, or sanitization of the external content before it is processed or used to generate drafts.
- [EXTERNAL_DOWNLOADS]: The skill documentation suggests using the r.jina.ai service to facilitate the conversion of external URLs into Markdown format for research processing.
Audit Metadata