research
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the web via the WebFetch tool, creating a surface for indirect prompt injection where malicious content on a researched page could attempt to influence agent findings or subsequent recommendations.
- Ingestion points: WebFetch tool used in Step 2 to read content from external URLs (SKILL.md).
- Boundary markers: Absent; the protocol does not specify markers or instructions to isolate untrusted web content from the agent's internal reasoning.
- Capability inventory: The skill performs file writing to the .planning/research/ directory and recommends actions based on the research (SKILL.md).
- Sanitization: Absent; findings are extracted and summarized directly from external sources without explicit validation or sanitization of the content for instructions.
Audit Metadata