tech-search
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is identified as having an indirect prompt injection surface because it ingests untrusted data from external web sources via search tools in Phase 3 (SKILL.md). The data is passed to sub-agents without explicit boundary delimiters. Mitigations include internal sanitization logic, URL validation, and confining output to documentation-only formats.
- [SAFE]: The skill implements strict directory-level security using veto conditions (VETO_FORBIDDEN_PATH) and scope boundaries that prevent writing files outside of the docs/research/ path. This effectively prevents unauthorized modification of sensitive system files or configuration directories like .claude/.
- [SAFE]: The skill's configuration contains explicit prohibitions against code implementation, agent creation, or script execution. Veto conditions (VETO_IMPLEMENTATION_REQUEST) redirect user requests for code generation to appropriate development tools, ensuring the research pipeline remains non-executable.
Audit Metadata