foreign-trade-research
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of ingesting and analyzing content from the open web.\n
- Ingestion points: Ingests untrusted data from Exa search results and direct website content via Playwright across multiple research steps (e.g., Step 1, Step 2, and Step 4).\n
- Boundary markers: The instructions do not implement delimiters or 'ignore instructions' warnings to isolate external content from the agent's logic.\n
- Capability inventory: The skill uses task agents to process data and has the capability to write the results into markdown files in the project root.\n
- Sanitization: There is no evidence of content filtering or sanitization of the retrieved web data before it is passed to the LLM for report generation.
Audit Metadata