learn
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes untrusted content from the internet to generate summaries and instructions for the agent knowledge base.
- Ingestion points: Online resources, articles, and documentation fetched via the WebFetch tool.
- Boundary markers: The skill lacks explicit boundary markers or 'ignore' instructions when extracting content, although it does instruct the agent to focus on 'key insights' and 'summaries' rather than verbatim text.
- Capability inventory: The skill has the capability to write markdown files and JSON metadata to the agent-knowledge/ directory, update master configuration/instruction files (CLAUDE.md, AGENTS.md), and invoke other enhancement skills.
- Sanitization: No explicit sanitization or filtering logic is provided to identify or strip adversarial instructions embedded in the gathered web content before it is synthesized into the knowledge base.
Audit Metadata