sf-b2c-jobs
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions direct the agent to retrieve information using
WebSearchandWebFetchto ensure it uses the latest documentation. This creates an indirect prompt injection attack surface where content from external, untrusted web sources could be ingested into the agent's context. - Ingestion points: Untrusted data enters the agent context through the use of
WebSearchandWebFetchtools as specified inSKILL.md. - Boundary markers: The instructions do not include requirements for delimiters or specific warnings to ignore instructions embedded within the retrieved documentation.
- Capability inventory: The skill allows the use of powerful tools including
Bash,Write, andEditas defined in the YAML frontmatter. - Sanitization: There are no procedures defined for the agent to sanitize or validate the content retrieved from external websites before it is processed.
Audit Metadata