Skills
skills/cyranob/web-forager/fact-check/Gen Agent Trust Hub

fact-check

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses uvx and uv run to execute search utilities like web-forager and ddgs. It also utilizes curl for network requests.
  • [EXTERNAL_DOWNLOADS]: Downloads Python packages (web-forager, ddgs, requests) from official registries at runtime to ensure tools are available.
  • [EXTERNAL_DOWNLOADS]: Connects to r.jina.ai (Jina Reader) to fetch and convert web pages into a format suitable for the agent.
  • [PROMPT_INJECTION]: The skill is designed to fetch and process arbitrary web content, which presents a surface for indirect prompt injection where malicious instructions could be embedded in the fetched articles.
  • Ingestion points: Web content fetched via Jina Reader or search results in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between the skill's instructions and the fetched data.
  • Capability inventory: The skill has access to shell execution (uvx, uv run, curl) and network operations.
  • Sanitization: No sanitization or filtering of external content is specified before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:24 AM
Security Audit — agent-trust-hub — fact-check