ask
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability where user-provided input is directly interpolated into the execution logic.
  - Evidence: In SKILL.md, the `${ARGUMENTS}` variable is placed directly into the prompt structure under 'User Question', which can be exploited to bypass instructions or inject malicious commands into the parallel agents.
  - Ingestion points: Untrusted data enters the agent context through the `${ARGUMENTS}` variable and via the findings aggregated from the 'Explore' sub-agents.
  - Boundary markers: The skill does not employ boundary markers, delimiters, or explicit instructions for the agent to ignore potentially malicious content within the search results or user questions.
  - Capability inventory: The skill utilizes the `Task` tool to orchestrate multiple sub-agents, creating an attack surface where a single injection could influence multiple parallel processes.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the input arguments or the search findings before they are processed by the synthesis step.