israeli-fact-checker

Fail

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Obfuscation via homoglyphs was detected in evidence.json. The identifier verdict-matе (line 35) uses a Cyrillic 'е' (U+0435) instead of the Latin 'e' (U+0065). This is a common technique used to evade text-based security filters or cause logic errors during data processing.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design, which involves ingesting and acting upon untrusted data from users and external web sources.
  • Ingestion points: Processes claims provided by the user and retrieves content from external websites or documents (Step 1 and Step 3 in SKILL.md).
  • Boundary markers: The instructions provide a specific workflow to isolate atomic assertions and require a structured output template for the final verdict to help maintain agent context.
  • Capability inventory: The skill allows the agent to fetch arbitrary URLs and execute several MCP tools (e.g., budgetkey, knesset) to retrieve data.
  • Sanitization: The instructions explicitly direct the agent to strip rhetoric and opinion from input and strictly forbid the fabrication of figures not found in the source material.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data and configuration from well-known Israeli government portals and official financial services, including cbs.gov.il, boi.org.il, next.obudget.org, and data.gov.il.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 12, 2026, 08:36 PM
Security Audit — agent-trust-hub — israeli-fact-checker