linkbuilding
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves and processes content from external domains to perform phase assessments. If a target website contains hidden instructions, they could potentially influence the agent's reasoning or tactic selection.
- Ingestion points: The agent fetches the homepage of the user-provided domain and analyzes Google search results (SKILL.md).
- Boundary markers: The skill does not provide explicit delimiters or instructions to ignore embedded agent commands when reading external site content.
- Capability inventory: The agent uses web browsing and search tools to assess content volume and brand presence.
- Sanitization: No sanitization or filtering of retrieved HTML content is specified before the agent processes the information.
Audit Metadata