Skills
skills/whynowlab/swing-skills/swing-research/Gen Agent Trust Hub

swing-research

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data via WebSearch and WebFetch tools, creating an indirect prompt injection surface. Maliciously crafted content on target websites could attempt to influence the agent's behavior during the research and synthesis stages.\n
  • Ingestion points: External web content retrieved during the 'Search & Collect' stage in SKILL.md.\n
  • Boundary markers: The skill provides a structured pipeline but lacks specific instructions or delimiters to isolate and ignore commands embedded in the retrieved web data.\n
  • Capability inventory: The skill environment has access to Bash, Read, Grep, Glob, and Agent tools.\n
  • Sanitization: No explicit sanitization of web-fetched content is mentioned before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 11:22 PM