sister-macro
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process data from external websites.
- Ingestion points: Real-time financial quotes and news retrieved from the web via the web_search tool from sites like Investing.com and TradingView.
- Boundary markers: The instructions do not provide explicit delimiters or ignore-instructions for the ingested search data, which is a best-practice violation.
- Capability inventory: The agent can perform recursive web searches and generate investment strategies based on findings.
- Sanitization: There is no evidence of sanitization or content validation for data retrieved from external search results.
Audit Metadata