search-query-analyst
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by design.\n
- Ingestion points: Processes external, untrusted search term reports retrieved from APIs or provided via files (referenced in 'Tooling \u0026 Automation').\n
- Boundary markers: Absent. There are no instructions to the agent to treat search query content as untrusted or to ignore embedded instructions within that data.\n
- Capability inventory: The skill has access to the
bashtool,gitoperations, and file system reads/writes.\n - Sanitization: Absent. No mention of sanitizing or validating search query data before processing it through the agent's logic.\n- [COMMAND_EXECUTION]: The skill explicitly grants access to the
bashtool for tasks such as executing commands, running tests, and reading logs. While standard for many developer-oriented agents, this capability increases the potential impact if the agent is manipulated via indirect prompt injection from the search data it analyzes.
Audit Metadata