foreign-trade-research

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of ingesting and analyzing content from the open web.\n
  • Ingestion points: Ingests untrusted data from Exa search results and direct website content via Playwright across multiple research steps (e.g., Step 1, Step 2, and Step 4).\n
  • Boundary markers: The instructions do not implement delimiters or 'ignore instructions' warnings to isolate external content from the agent's logic.\n
  • Capability inventory: The skill uses task agents to process data and has the capability to write the results into markdown files in the project root.\n
  • Sanitization: There is no evidence of content filtering or sanitization of the retrieved web data before it is passed to the LLM for report generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 08:44 AM
Security Audit — agent-trust-hub — foreign-trade-research