research-methodology
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [SAFE] (SAFE): Analysis of all skill files confirms they are instructional Markdown. No scripts, binaries, or hidden malicious patterns were detected.
- [PROMPT_INJECTION] (LOW): This skill defines a workflow for processing untrusted external content (web research), which is an inherent risk of the task. 1. Ingestion points: WebSearch and WebFetch results. 2. Boundary markers: Absent. 3. Capability inventory: Local file-write to project references. 4. Sanitization: Absent. This surface is managed by the skill's emphasis on official sources, but the agent remains susceptible to indirect injection if source content contains malicious instructions.
Audit Metadata