web-research-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill logic and instructions align with its stated purpose of web research and monitoring. It follows security best practices by recommending environment variables for API keys and using temporary directories for local caches.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for legitimate data processing and retrieval tasks, such as using
jqfor JSON manipulation,difffor comparing snapshots, andcurlfor interacting with the Tavily API. - [EXTERNAL_DOWNLOADS]: Communicates with the official Tavily API (
api.tavily.com) for semantic search and batch content extraction. This is a well-known service for research automation. - [PROMPT_INJECTION]: The skill possesses an inherent attack surface for indirect prompt injection as it ingests untrusted content from external websites.
- Ingestion points: Retrieves external web content via
WebFetch,Tavily, andagent-browser(e.g., inrules/browser-patterns.md). - Boundary markers: The prompts do not specify clear delimiters or isolation instructions to the agent when processing the retrieved content.
- Capability inventory: The agent has access to
Bash(command execution) andWrite(filesystem access), which are powerful capabilities if influenced by malicious instructions in scraped data. - Sanitization: No explicit sanitization or filtering of the extracted web content is implemented before it enters the model's context.
Audit Metadata