read
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external URLs and user-provided text, creating a surface for indirect prompt injection.
  1. Ingestion points: External content retrieved via the fetch tool and user-pasted text (SKILL.md).
  2. Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands within the fetched content.
  3. Capability inventory: The skill is purely instructional and utilizes the fetch and search tools; no scripts or executable code are included.
  4. Sanitization: No explicit sanitization or filtering of the input content is specified.
- [NO_CODE]: The skill consists entirely of markdown instructions and analysis templates, containing no scripts, binaries, or executable code, which significantly reduces the technical attack surface.
Audit Metadata