web-search

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill fetches and processes untrusted external content, creating a vulnerability surface for indirect injection attacks.
    • Ingestion points: External web content fetched via the fetch_webpage tool and literature search results from mcp_pubmed_search_*.
    • Boundary markers: Absent. The instructions do not define delimiters or specific 'ignore instructions' warnings for the fetched content.
    • Capability inventory: The skill possesses network read capabilities (fetch_webpage) which can be used to pull malicious payloads into the agent's context.
    • Sanitization: No sanitization or escaping mechanisms are described for the data retrieved from external URLs.
  • [External Downloads] (LOW): The skill is designed to interact with remote resources on the open web. While this is its core purpose, it facilitates the retrieval of potentially malicious code or data from untrusted domains.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:49 PM