signal-scanner
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes untrusted data from external search results.
- Ingestion points: The skill ingests data from the internet via the
exa-search__web_search_advanced_exatool as part of its daily and on-demand scanning workflows. - Boundary markers: There are no explicit delimiters or specific instructions in the workflow to isolate the retrieved web snippets from the agent's logic or to explicitly mark them as untrusted.
- Capability inventory: The skill interacts with the
pipeline-managertool (which likely modifies local data state) and provides automated reports to the chat interface. - Sanitization: The instructions do not describe a process for sanitizing, validating, or escaping search result content before it is used for scoring or reporting to the user.
Audit Metadata