sf-security
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill encourages fetching current security documentation (e.g., SLAS, PCI DSS v4) via WebSearch and WebFetch. This ingestion of external, untrusted content represents a surface for indirect prompt injection where an attacker could poison search results to influence the agent's behavior.\n
- Ingestion points: External content is brought into the agent context through the
WebFetchtool after searching for guides inSKILL.md.\n - Boundary markers: There are no explicit boundary markers or instructions to isolate the fetched external content from the skill's own instructions, increasing the risk of the agent following embedded commands.\n
- Capability inventory: The skill is granted access to the
Write,Edit, andBashtools, which provides a high-impact capability surface if the agent is influenced by malicious instructions in the fetched data.\n - Sanitization: The skill lacks mechanisms to sanitize or validate the content of the fetched external documentation before processing.
Audit Metadata