lead-research-assistant

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, NO_CODE)
Full Analysis
  • [NO_CODE] (SAFE): The skill is composed entirely of natural language instructions in a Markdown file. It does not include any scripts, executable files, or third-party package dependencies.
  • [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) because it directs the agent to ingest and analyze untrusted content from the public web.
      • Ingestion points: The research workflow (SKILL.md) directs the agent to scrape or read data from LinkedIn profiles, GitHub repositories, Twitter/X posts, and company blogs.
      • Boundary markers: There are no instructions to use delimiters or ignore potential commands embedded within the gathered lead data.
      • Capability inventory: The agent is expected to use this data to perform 'Lead Qualification Scoring' and 'Outreach Strategy' generation, which results in external-facing outputs.
      • Sanitization: The skill does not define any sanitization or validation steps for the data retrieved from external sources, allowing an attacker to potentially manipulate the agent's research results or outreach content via malicious instructions placed in public profiles.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 12:59 PM