geo
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill fetches and analyzes content from arbitrary external URLs (Phase 1: Discovery), which serves as an entry point for untrusted data. An attacker could embed malicious instructions on a website to influence the agent's behavior during an audit.
- Ingestion points: Website HTML and sitemaps fetched via
WebFetchorcurlduring the discovery phase. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the orchestration logic.
- Capability inventory: The skill has access to powerful tools including
Bash,Write, andWebFetchacross its various components. - Sanitization: There is no evidence of sanitization or filtering of the fetched content before it is passed to subagents for analysis.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool and executes a local Python script (generate_pdf_report.py) to generate PDF reports. While this is consistent with the skill's stated purpose, it represents a path for command execution that relies on the integrity of the local script environment.
Audit Metadata