notemdpro-web-researcher

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from web search results.
      • Ingestion points: Untrusted data enters the context through web search results and scraped HTML content, which are interpolated into the {SEARCH_RESULTS_CONTEXT} variable.
      • Boundary markers: The prompt template used for summarization lacks delimiters or instructions to ignore embedded commands within the fetched context.
      • Capability inventory: The skill uses requestUrl for network access and the LLM for content generation.
      • Sanitization: No evidence of content sanitization or instruction filtering is mentioned in the documentation or logic flow.
  • [DATA_EXFILTRATION]: Risk of credential exposure via debug logs.
      • Evidence: The enableApiErrorDebugMode configuration logs the "Full API request/response." If the tavilyApiKey is transmitted via headers or query strings, it could be inadvertently exposed in the agent's logs or console output.
  • [EXTERNAL_DOWNLOADS]: The skill downloads content from arbitrary external URLs.
      • Evidence: The DuckDuckGoProvider performs web scraping and fetches full webpage content using requestUrl. While this is a core feature for research, it involves interacting with untrusted external servers and processing their data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 02:49 PM
Security Audit — agent-trust-hub — notemdpro-web-researcher