research
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection via external web content.
- Ingestion points: The skill ingests data from 'docs/PRD.md' and crawls untrusted external sources including web search results, App Store reviews, Reddit, and Product Hunt comments.
- Boundary markers: There are no delimiters or instructions to ignore potential commands embedded in the external content (e.g., instructions within a review intended to hijack the agent).
- Capability inventory: The skill has the ability to read from and write to the local file system (specifically the 'docs/' directory) and perform web searches.
- Sanitization: The skill lacks any sanitization, filtering, or validation of the external content before it is processed or written into research documents and the PRD.
Audit Metadata