news
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing content from external, untrusted web sources.
- Ingestion points: Data enters the agent's context through the
search-and-fetchtool, as well as via web crawlers likedefuddleandcrwlwhich fetch content from URLs defined inconfig/sources.yamland dynamic search results. - Boundary markers: The skill lacks explicit instructions or delimiters (e.g., XML tags or clear 'ignore instructions' warnings) to encapsulate fetched news content and prevent it from being interpreted as a command by the LLM.
- Capability inventory: The skill utilizes web search and navigation capabilities (
search-and-fetch,defuddle,crwl,agent-browser) to interact with external environments. - Sanitization: There is no logic present to sanitize or filter the content of news summaries for potentially malicious instructions or prompt injection patterns before they are displayed to the user.
Audit Metadata