news-tracker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from external websites via the
search_webtool. - Ingestion points: External content retrieved during Step 3 (Search Execution) via
search_webcalls. - Boundary markers: Absent. The instructions do not provide specific delimiters or warnings to the agent to disregard instructions that might be embedded in the retrieved news content.
- Capability inventory: The skill is limited to formatting text and generating tables; it lacks dangerous capabilities like file system writing, network exfiltration of local data, or subprocess execution.
- Sanitization: Absent. There is no explicit logic to filter or sanitize the content returned by the search tool before it is presented to the user or used to answer questions.
Audit Metadata