daishin-report-search

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes untrusted HTML content from an external source.
  • Ingestion points: The workflow in SKILL.md fetches raw HTML files from a public GitHub repository (jay-jo-0/github_pages_repo) using both the GitHub Tree API and raw content URLs.
  • Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore any command-like text that might be embedded within the external HTML reports.
  • Capability inventory: The skill utilizes Node.js execution (via local scripts in packages/daishin-report-search/) and network connectivity to retrieve data.
  • Sanitization: There is no evidence of sanitization or filtering to remove potential instructions from the HTML data before it is presented to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:06 PM
Security Audit — agent-trust-hub — daishin-report-search