oneshot-research
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process content from external, untrusted sources.
- Ingestion points: External data enters the agent context through the agent.webRead and agent.research methods in SKILL.md, which retrieve content from arbitrary URLs or web search results.
- Boundary markers: The instructions do not define clear boundaries or include specific warnings to the agent to ignore instructions embedded within the retrieved web content.
- Capability inventory: The skill facilitates the conversion of web pages into markdown for agent consumption, which could allow malicious instructions in the source content to influence the agent's behavior.
- Sanitization: No specific sanitization, filtering, or validation logic is defined for handling the retrieved external content before it is processed.
Audit Metadata