system-study
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external web sources, including GitHub repositories and official documentation, during its research phase (Stage 3). While this represents a theoretical attack surface for indirect prompt injection, it is the primary intended function of the skill. Evidence includes:
  - Ingestion points: Sub-agents (A-E) fetch content from URLs and repositories defined in `reference/stage-3-subagent-templates.md`.
  - Boundary markers: The skill does not explicitly use strict delimiters (e.g., XML tags) to isolate untrusted fetched content from its internal instructions, although sub-agent prompts contain detailed output formatting constraints.
  - Capability inventory: The agent uses `Write` for local file output and `Agent` for task delegation.
  - Sanitization: No specific sanitization logic is described for the content retrieved from external sources before it is processed by the main agent for HTML generation.
- [EXTERNAL_DOWNLOADS]: The skill performs research by fetching documentation and examples from trusted organizations (Anthropic, OpenAI, Google) and well-known services (GitHub, community forums). These operations are well-documented and essential to the skill's functionality.
- [COMMAND_EXECUTION]: The skill utilizes the platform's `Agent` tool to orchestrate sub-agents for parallel research. This use of multi-agent architecture is a standard platform capability for complex reasoning tasks and does not involve unauthorized shell access or privilege escalation.