israeli-fact-checker
Fail
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Obfuscation via homoglyphs was detected in
evidence.json. The identifierverdict-matе(line 35) uses a Cyrillic 'е' (U+0435) instead of the Latin 'e' (U+0065). This is a common technique used to evade text-based security filters or cause logic errors during data processing. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design, which involves ingesting and acting upon untrusted data from users and external web sources.
- Ingestion points: Processes claims provided by the user and retrieves content from external websites or documents (Step 1 and Step 3 in
SKILL.md). - Boundary markers: The instructions provide a specific workflow to isolate atomic assertions and require a structured output template for the final verdict to help maintain agent context.
- Capability inventory: The skill allows the agent to fetch arbitrary URLs and execute several MCP tools (e.g.,
budgetkey,knesset) to retrieve data. - Sanitization: The instructions explicitly direct the agent to strip rhetoric and opinion from input and strictly forbid the fabrication of figures not found in the source material.
- [EXTERNAL_DOWNLOADS]: The skill fetches data and configuration from well-known Israeli government portals and official financial services, including
cbs.gov.il,boi.org.il,next.obudget.org, anddata.gov.il.
Recommendations
- AI detected serious security threats
Audit Metadata