gentic-knowledge
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It instructs the agent to ingest and process data from external, potentially untrusted sources which may contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: The tools vectorize_document and vectorize_web_content are used to fetch content from user-provided URLs and web pages (SKILL.md).
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' warnings when processing or searching this external data.
  - Capability inventory: The skill relies on MCP tools for vectorization and search; no dangerous system-level capabilities (e.g., shell access) are defined in the skill itself.
  - Sanitization: There is no mention of sanitizing, escaping, or validating the content retrieved from external sources before indexing or presenting search results.
- [EXTERNAL_DOWNLOADS]: The skill orchestrates the fetching of external content.
  - Evidence: The workflow in SKILL.md utilizes vectorize_document and vectorize_web_content to download and process files and web pages from remote servers.
Audit Metadata