geo-citability

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted web content via WebFetch and provides analysis/rewrites. An attacker could embed malicious instructions in a web page to influence the agent's behavior.
      • Ingestion points: Target URLs fetched via WebFetch in Step 1 of the analysis procedure.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the fetched content are specified.
      • Capability inventory: The skill is granted access to Bash and Write tools.
      • Sanitization: No sanitization or filtering of the fetched content is mentioned before processing.
  • [COMMAND_EXECUTION]: The 'Bash' tool is included in the 'allowed-tools' metadata. While the current instructions do not utilize it, the presence of this tool increases the risk if the agent is compromised via indirect prompt injection from analyzed web pages.
  • [EXTERNAL_DOWNLOADS]: The skill uses 'WebFetch' to retrieve content from external URLs. While this is the core functionality of the skill, it represents a data ingestion vector for untrusted content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 01:01 PM