external-context
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by design as it fetches and processes arbitrary content from the internet.
- Ingestion points: Web content retrieved via WebSearch and WebFetch tools used by sub-agents.
- Boundary markers: Prompt templates for both the Gemini and parallel agent paths lack explicit delimiters or instructions to ignore potentially malicious commands within the fetched web data.
- Capability inventory: The skill utilizes ask_gemini and Task tools to spawn agents with web access and text synthesis capabilities.
- Sanitization: No explicit sanitization or filtering of the retrieved external content is performed before it is processed by the LLM.
Audit Metadata