research-protocol
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of fetching and processing untrusted data from the web.
- Ingestion points: Data is ingested through the
web-fetchtool as described inSKILL.mdwhen retrieving search results. - Boundary markers: The instructions lack explicit delimiters or "ignore instructions" directives to prevent the agent from following commands embedded in fetched Markdown content.
- Capability inventory: The skill uses search and retrieval tools including
web-search,web-fetch, and various package/repository searches to gather information. - Sanitization: There is no mention of sanitization, filtering, or validation of the content retrieved from external sources before it is added to the evidence list.
Audit Metadata