lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access commands were identified in the skill's instructions.
- [NO_CODE]: The skill consists exclusively of markdown documentation and contains no executable scripts or external code dependencies, minimizing the technical attack surface.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection due to its research functionality. 1. Ingestion points: Web search results, company websites, and job postings. 2. Boundary markers: None specified in the instructions. 3. Capability inventory: The skill utilizes codebase analysis (file read) and web search (network access) to perform its duties. 4. Sanitization: No explicit sanitization or filtering of external data is mentioned. This surface is considered a standard risk for research tools and no malicious intent was detected.
Audit Metadata