page-audit
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core functionality of fetching and processing external web content.
- Ingestion points: The agent fetches full rendered content from a user-provided URL (Step 1) and from the top 10 Google search results (Step 3) in
SKILL.md. - Boundary markers: The instructions lack specific delimiters or system-level warnings to the agent to treat fetched content as data only and to ignore any natural language instructions found within that content.
- Capability inventory: The skill focuses on generating a multi-dimension audit report. While it doesn't explicitly invoke dangerous shell or file-write operations, the agent's interpretation of the audit could be skewed by malicious content.
- Sanitization: There is no evidence of pre-processing or sanitization of the fetched HTML/text to strip potential injection vectors before the agent reads it.
Audit Metadata