well-actually
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by ingesting and processing untrusted data from external websites and source code files.
  - Ingestion points: Agents are instructed to visit user-provided URLs and to read various local files (source code, templates, CSS), as defined in the 'Code Access Rules' table in 'SKILL.md'.
  - Boundary markers: The prompt templates provided to the sub-agents lack explicit boundary markers and carry no instruction to disregard commands embedded within the reviewed content.
  - Capability inventory: The skill uses browser MCP tools for network access and has file system read permissions.
  - Sanitization: No sanitization, escaping, or validation of retrieved web content or source code is performed before analysis.
- [DATA_EXFILTRATION]: The skill combines broad access to source code with network capabilities.
  - The 'HN Commenter' persona is explicitly granted access to read all source code files in the project.
  - The prompt template directs sub-agents to use browser tools to visit external URLs; this network activity could be leveraged for data exposure if sensitive information is handled.
Audit Metadata