AI-Native Team Research
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
use-agentlyCLI tool from NPM and a skill module from the vendor's official GitHub repository (github.com/agentlyhq/use-agently). These are verified resources belonging to the skill author. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from multiple external sources (X, Hacker News, blogs, and web search results).
- Ingestion points: External data enters the context in Phase 1 (Live Signal Collection) and Phase 2 (Deep Dive) when fetching search results and full-page content.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to isolate or treat the ingested content as untrusted data.
- Capability inventory: Across all phases, the skill instructions use tools for web searching, content extraction (Firecrawl), and markdown rendering. No direct shell execution or sensitive file writes are performed by the agent on the ingested data.
- Sanitization: No explicit sanitization or filtering of the external content is implemented before it is processed for synthesis.
Audit Metadata