search-first
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of external data from the web via WebSearch and WebFetch, creating a surface for indirect prompt injection where malicious instructions could be embedded in search results.
- Ingestion points: Untrusted data enters the agent context through WebSearch and WebFetch operations during the evaluation of technical solutions.
- Boundary markers: The workflow does not specify the use of delimiters or explicit instructions to the agent to disregard embedded commands in retrieved content.
- Capability inventory: The skill is granted access to the Bash and WebFetch tools, providing a potential path for exploitation if instructions from untrusted sources are inadvertently followed.
- Sanitization: There are no technical sanitization steps defined for content retrieved from the web, although the process includes manual checkpoints to verify library safety and maintenance.
Audit Metadata