web-research
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill possesses a significant Indirect Prompt Injection surface. It ingests untrusted external content via WebSearch and WebFetch tools.
- Ingestion points: Data enters the agent context from arbitrary web sources.
- Boundary markers: The skill lacks delimiters (e.g., XML tags, triple quotes) or specific instructions to the agent to disregard instructions found within the fetched content.
- Capability inventory: The skill is authorized to perform file-write operations by saving results to the analysis/ folder. The combination of untrusted input and side-effect capabilities (file modification) justifies a HIGH severity rating.
- Sanitization: No validation, escaping, or filtering of the external content is performed before it is processed or saved to the filesystem.
Recommendations
- AI detected serious security threats
Audit Metadata