scout-prep
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill integrates untrusted external data, creating a potential surface for indirect prompt injection.
- Ingestion points: Company research data, news headlines, and employee sentiment gathered via the
WebSearchtool, as well as job listing language processed in the Research and Practice modes inSKILL.md. - Boundary markers: Absent. The skill does not define clear delimiters or use instructions to differentiate between trusted user inputs and untrusted web content.
- Capability inventory: The skill is capable of writing and appending data to local files within the user's home directory under
~/.scout/and~/.scout/history.md. - Sanitization: Absent. There are no mechanisms specified to sanitize, validate, or filter the content retrieved from external web sources before it is processed by the agent.
Audit Metadata