research
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on external, untrusted data to generate local configuration files.\n
- Ingestion points: Data is ingested from the output of a
web-search-agentin Step 2 and from user-supplied field definition files in Step 3.\n - Boundary markers: There are no boundary markers or instructions to ignore embedded commands in the prompt template sent to the web-search-agent.\n
- Capability inventory: The skill possesses the capability to create directories and write files (
outline.yamlandfields.yaml) to the local file system in Step 5.\n - Sanitization: No sanitization or validation is performed on the data fetched from the web before it is incorporated into the research outline.
Audit Metadata