company-research
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill consists entirely of Markdown documentation, templates, and examples. No executable scripts (.py, .js, .sh), binaries, or automated command-line operations were detected in the files.
- [PROMPT_INJECTION]: While the skill defines a process for an agent to ingest information from untrusted external sources (executive interviews, blogs, news sites), this is classified as a vulnerability surface for Indirect Prompt Injection. Because the skill itself is purely instructional and contains no automated tools, the risk is inherent to the agent's browsing capabilities rather than the skill's implementation.
- Ingestion points: External research sources such as LinkedIn, YouTube, and news publications (documented in
SKILL.mdSteps 3-8). - Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are provided to the agent to isolate research data.
- Capability inventory: The skill does not provide or request additional system capabilities; it relies on the agent's existing tools for search and retrieval.
- Sanitization: No sanitization or validation logic is defined within the research templates.
Audit Metadata