news
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and summarizes content from untrusted external websites.
  - Ingestion points: Content is fetched from URLs defined in config/sources.yaml and from arbitrary domains encountered during automated searches or user-requested deep reading in SKILL.md (Steps 2 and 3).
  - Boundary markers: The instructions do not specify any delimiters or guardrails to ensure the agent ignores potentially malicious commands embedded in the retrieved web content.
  - Capability inventory: The skill uses tools such as search-and-fetch, defuddle, crwl, and agent-browser to interact with external web pages, as detailed in SKILL.md and references/fetch-strategy.md.
  - Sanitization: There is no evidence of content filtering, validation, or sanitization before the information is processed and presented to the user.
- [EXTERNAL_DOWNLOADS]: The skill performs automated network operations to retrieve data for its summaries.
  - Evidence: It uses the defuddle and crwl tools to fetch content from configured URLs (e.g., Hacker News, MIT Technology Review) and dynamic search results as part of its core logic.