research-add-fields
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill's workflow creates an indirect prompt injection surface.
  - Ingestion points: External data is ingested through web searches and direct user input in Step 2 of the workflow.
  - Boundary markers: The instructions in SKILL.md do not specify delimiters or "ignore embedded instructions" guards for processing web search results.
  - Capability inventory: The skill can read local files and append content to them, as described in Step 1 and Step 4.
  - Sanitization: There is no mention of automated validation or sanitization of content retrieved from external sources before it is presented to the user.
  - Mitigation: The workflow includes a mandatory user confirmation step in Step 3 before any data is written to the file system, which serves as a human-in-the-loop security check.