signal-scanner

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes untrusted data from external search results.
  • Ingestion points: The skill ingests data from the internet via the exa-search__web_search_advanced_exa tool as part of its daily and on-demand scanning workflows.
  • Boundary markers: There are no explicit delimiters or specific instructions in the workflow to isolate the retrieved web snippets from the agent's logic or to explicitly mark them as untrusted.
  • Capability inventory: The skill interacts with the pipeline-manager tool (which likely modifies local data state) and provides automated reports to the chat interface.
  • Sanitization: The instructions do not describe a process for sanitizing, validating, or escaping search result content before it is used for scoring or reporting to the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 02:20 AM
Security Audit — agent-trust-hub — signal-scanner