research-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface identified. The skill is designed to process untrusted data from the web and GitHub and has access to powerful tools. 1. Ingestion points: WebSearch and WebFetch tools used in SKILL.md. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the workflow. 3. Capability inventory: The skill has access to Bash, Write, and Edit tools (SKILL.md). 4. Sanitization: No sanitization or validation of external data is specified.
- [COMMAND_EXECUTION] (SAFE): The Bash tool is permitted for research purposes, but no malicious predefined scripts or command sequences were detected.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network exfiltration patterns were found.
Audit Metadata