deep-learner

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core functionality of processing external content.
  • Ingestion points: Workflow Step 1 in SKILL.md retrieves content from user-provided URLs using WebFetch or accepts direct text input.
  • Boundary markers: Absent. The instructions do not define specific delimiters or instructions for the agent to ignore or isolate commands embedded within the fetched data.
  • Capability inventory: The skill has access to WebFetch and WebSearch tools, and it performs file writing operations to the local directory (SKILL.md Step 4).
  • Sanitization: Absent. No mechanisms for validating, escaping, or filtering the ingested external content were identified in the skill's instructions or templates.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 02:31 AM
Security Audit — agent-trust-hub — deep-learner