topic-collector
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from multiple external sources like Twitter/X, Reddit, and Hacker News.
- Ingestion points: Content retrieved via the
WebSearchtool from the social platforms and blogs mentioned in the 'Data Source' section. - Boundary markers: The skill instructions do not specify any delimiters or isolation techniques (such as XML tags or explicit 'ignore instructions' prefixes) to separate external data from the agent's system prompt.
- Capability inventory: Based on the provided markdown, the skill's capabilities are limited to searching, extracting links, and formatting output; it lacks dangerous operations like file-system writes, command execution, or network exfiltration.
- Sanitization: No sanitization or verification logic is present to filter out potential malicious instructions embedded in web content.
- Risk: An attacker could post content on a tracked platform that contains hidden instructions aimed at altering the agent's summarization style or influencing its response to the user.
Audit Metadata