Skills
skills/benbrastmckie/.config/skill-researcher/Gen Agent Trust Hub

skill-researcher

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill retrieves content from external websites and local files, which may contain adversarial instructions. 1. Ingestion points: WebFetch and WebSearch for external data; Read, Grep, and Glob for codebase data. 2. Boundary markers: Absent. The skill instructions do not define delimiters or markers to isolate fetched content. 3. Capability inventory: Read, Write, WebSearch, and WebFetch. 4. Sanitization: Absent. The skill synthesizes findings directly into reports.
  • Data Exposure & Exfiltration (LOW): The skill possesses both read access to the local codebase and outbound network access through WebFetch. While consistent with its stated purpose of research, this toolset provides a technical vector for data exfiltration.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:16 PM