topic-resolver
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user queries to generate entities used by downstream search tools.
- Ingestion points: User-provided topic strings processed in the 'The Problem' and 'Example Workflow' sections.
- Boundary markers: No markers or explicit instructions are provided to the agent to ignore embedded commands within the user topic.
- Capability inventory: The skill is designed to interface with 'oracle' and 'harvest' agents which possess network search and deep crawling capabilities.
- Sanitization: The instructions lack any input validation, escaping, or filtering of the user-provided content before it is used to determine search targets.
- [DATA_EXFILTRATION]: The skill instructions specify that topic resolutions are cached in the local file
~/.claude/topic-cache.jsonl. While intended for performance, access to the user's home directory configuration folders represents a surface for tracking or information exposure if the integrated agents are compromised.
Audit Metadata