agency-onboard
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves content from user-specified URLs and processes it via sub-agents without sanitization or protective delimiters.
- Ingestion points: Phase 1 and Step 1 of all five sub-agent prompts use WebFetch on external URLs provided by the user.
- Boundary markers: The instructions do not define clear delimiters or provide directives for the sub-agents to disregard potentially malicious commands embedded within the retrieved website content.
- Capability inventory: The agent can search the web, fetch content, launch sub-agents using the Agent tool, and write markdown reports to the local file system.
- Sanitization: There is no evidence of filtering, escaping, or validation logic applied to the external content before it is incorporated into the sub-agent prompts.
- [EXTERNAL_DOWNLOADS]: The skill performs multiple network requests to external, user-provided domains using the WebFetch and WebSearch tools to gather business intelligence, reputation data, and compliance information.
Audit Metadata