Search-first troubleshooting with a diagnostic phase — use when an error, bug, or unexpected behaviour is reported.
60
75%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Third-party content exposure detected (high risk: 0.85). The workflow’s **Search (WebSearch)** step explicitly fetches public web content at runtime (e.g., StackOverflow/GitHub/Docs/Reddit pages) and ingests their readable text into the agent’s LLM context, which is outsider-authored free text.