tech-info-gathering
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill consists entirely of instructional markdown files providing a methodology for information gathering.
- [COMMAND_EXECUTION]: The skill mentions performing 'Experimental Verification' using shell commands (e.g., node, python, docker) in SKILL.md and references/research-methods.md. These are described as manual verification steps for developers to validate technical findings using minimal reproduction code, not as automated triggers for remote or untrusted scripts.
- [EXTERNAL_DOWNLOADS]: The skill guides the agent to search for information on reputable platforms like GitHub, npm, PyPI, and official documentation sites. It does not perform any automated downloads or package installations.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it involves reading and processing untrusted data from the web (e.g., GitHub Issues, Stack Overflow).
- Ingestion points: Web search results, GitHub Issues/PRs, Stack Overflow answers, and community forums.
- Boundary markers: The skill suggests using specific markdown templates for recording findings, but does not provide explicit technical delimiters to prevent the agent from obeying instructions embedded in retrieved data.
- Capability inventory: Capability to execute shell commands (node, python, docker) for local experiments is mentioned in references/research-methods.md.
- Sanitization: No automated sanitization is described. However, the skill includes a 'Caution' section warning about AI hallucinations and the need to verify information against primary sources (official documentation and source code).