best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because its primary function involves fetching and processing data from external, untrusted sources like documentation websites and search engines.
- Ingestion points: Untrusted data enters the agent context via 'WebSearch', 'find-docs' (Context7), and any URLs supplied by the user.
- Boundary markers: XML-style tags such as and are used in the prompt templates to provide structure and help separate retrieved data from agent instructions.
- Capability inventory: The skill is configured with access to 'Bash' for shell execution and network tools, which represent capabilities that could be exploited if malicious content were processed without proper safeguards.
- Sanitization: The skill's instructions do not include specific steps for sanitizing or validating the retrieved external content before synthesis. This risk is inherent to the research-oriented nature of the skill.
- [SAFE]: No evidence of malicious behavior, obfuscation, hardcoded credentials, or unauthorized system access was identified. The skill's use of 'ctx7' is consistent with its stated purpose of documentation retrieval.
Audit Metadata