daishin-report-search
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes untrusted HTML content from an external source.
- Ingestion points: The workflow in
SKILL.mdfetches raw HTML files from a public GitHub repository (jay-jo-0/github_pages_repo) using both the GitHub Tree API and raw content URLs. - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore any command-like text that might be embedded within the external HTML reports.
- Capability inventory: The skill utilizes Node.js execution (via local scripts in
packages/daishin-report-search/) and network connectivity to retrieve data. - Sanitization: There is no evidence of sanitization or filtering to remove potential instructions from the HTML data before it is presented to the agent's context.
Audit Metadata