read-docs
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to fetch and reason over content from external websites. Malicious instructions embedded within documentation pages could influence the agent's behavior during processing.
- Ingestion points: Fetches data from external URLs including
/llms.txt, documentation pages (as raw MDX), and search API endpoints (SKILL.md). - Boundary markers: Absent. The instructions do not provide delimiters or specific warnings to the agent to disregard instructions found within the fetched content.
- Capability inventory: Network read operations via HTTP GET requests.
- Sanitization: Absent. There is no requirement to validate, filter, or escape the content retrieved from external sources.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve text and structured data from arbitrary domains identified as documentation hosts. While this is the intended functionality, it involves downloading data from external, untrusted sources.
Audit Metadata